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Data  center  makeover:  Six  experts  offer  their  advice  for 

redesigning  the  data  center  at  a  hypothetical  company  with  real  problems.  PAGE  38. 
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The  miracles 
of  science' 


Choose  DuPont  certified  cable 
for  maximum  protection. 
Learn  more  on  page  22. 


Companies 
rush  to  plug 
‘data  leaks’ 


Experts  fear 
RFID  strain 
on  networks 


■  BY  ELLEN  MESSMER 

The  threat  entails  employees 
leaking  sensitive  data  about  cus¬ 
tomers,  finances  or  intellectual 
property  in  violation  of  security 
policies  and  regulatory  require¬ 
ments.  Sometimes  it’s  by  mistake 
and  sometimes  the  employee  is 
looking  to  make  a  financial  gain. 

To  combat  data  leakage,  a  grow¬ 
ing  number  of  vendors  are  pitch¬ 
ing  products  designed  to  moni¬ 
tor  sensitive  information  and 
block  outgoing  e-mails  or  instant 
messages  containing  it.This  week 
alone,  newcomer  Fidelis  Security 
Systems  will  debut,  veteran  play¬ 
er  Vidius  will  change  its  name 
and  launch  a  product,  and  Tablus 
will  reveal  plans  to  deliver  a 
product  that  combines  network- 
and  desktop-based  monitoring 
See  Data  leakage,  page  60 


■  BY  JOHN  COX 

Network  equipment  vendors 
and  industry  watchers  are  sound¬ 
ing  the  alarm  that  RFID  threatens 
to  overwhelm  enterprise  net¬ 
works  with  operational  demands. 

Addressing  the  issue  are  big- 
name  companies  such  as  Cisco 
and  start-ups  such  as  Reva 
Systems,  which  later  this  summer 
plans  to  unveil  a  network  appli¬ 
ance  designed  to  provision  large- 
scale  RFID  networks  and  inte¬ 
grate  them  with  back-end  man¬ 
agement  and  security  resources 
and  enterprise  applications. 

The  problem  is  not  the  volume 


of  traffic  that  RFID  networks  cre¬ 
ate.  Rather,  it  is  the  sheer  number 
of  tags  and  tag  readers  that  are 
anticipated.  The  current  RFID 
approach  can’t  scale  to  handle 
those  numbers. 

“Without  an  architecture  for 
RFID,  large-scale  deployments  are 
not  possible,”  says  David  Pass- 
more,  research  director  for  Bur¬ 
ton  Group. “At  the  reader  level,  in 
dense  deployments  you  have  to 
worry  about  RF  interference, 
channel  assignments  and  all  that 
RF  stuff.  Most  people  don’t  have 
the  tools  and  training  to  do  that 
on  their  own.” 

See  RFID,  page  59 


■  Sun  spends  big  to  shore  up  storage  biz.  Page  10.  ■  Ethernet  expected  to  steal  show  at  Supercomm.  Page  14. 


A  Wider  Net 


Internet  security . . .  writ  very  small 

Miniature  version  of  the  'Net  used  to  assess  security  schemes. 


■  BY  ELLEN  MESSMER 


Like  a  ship  in  a  bottle,  the  Internet- 

Simulation  Event  and  Attack  Generation 
Environment  is  a  miniature  version  of 
the  real  thing:  It’s  the  vast  Internet  shrunk  to 
fit  onto  a  high-speed  LAN  on  the  floor  of  a 
building  in  a  research  park  adjacent  to  the 
Iowa  State  University  campus  in  Ames. 

Iseage  (pronounced  “ice  age”)  lets  you 
model  an  attack  on  your  network  without 
having  to  put  your  real  one  on  the  line. 

“It’s  a  test  bed  for  information  warfare," 

See  Miniature,  page  16 
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Mr.  50,000  Global 
Remote  and  Mobile 
Users  Connected 
Without  a  VPN. 
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"At  Nissan,  we  expect  to  save  at  least  $135  million  annually 
thanks  to  the  efficiencies  that  Windows  Server  2003  and 
Exchange  Server  2003  are  helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager,  Nissan  Motor  Company,  Ltd. 


Make  a  name  for  yourself  with  Windows  Server  System. 

An  upgrade  to  Microsoft  Windows  Server  System 
made  it  possible  for  50,000  worldwide  employees 
at  Nissan  Motor  Company  to  have  more  secure 
remote  access  to  their  e-mail  and  calendars 
from  any  Internet  connection,  without  the  hassle 
and  expense  of  a  VPN.  Here's  how:  By  deploying 
Windows  Server  2003  and  Exchange  2003,  not  only 
did  Nissan  IT  meet  the  CEO's  demand  for  better  global 
collaboration,  they  expect  to  save  at  least  $135  million 
by  streamlining  their  messaging  infrastructure. 
To  get  the  full  Nissan  story  or  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 
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Server  System 


Windows  Server  System7"  includes: 


Server  Platform  Windows  Server’" 


Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server’" 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoinf  Portal  Server 

Integration 

BizTalk*  Server 

Management 

Systems  Management  Server 

Microsoft1  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


anything 

SC)®  Mftj— 5 


close 


distributed 


HAVE 


enterprise 
GOOD  IN 


$.  fet.  t  *  fe 


z 


~PK' 


;a 


sm 


# 


% 


V 


/ 


K 


£T# 


•  f  • 


^  •  <n'- 


CQMMUNK 


ly Mi 


*K-Ja 


Netifice,  a  leading  managed  service  provider,  has  acquired  Aventail’s  managed  SSL  VPN  Services 
used  by  95%  of  managed  SSL  VPN  customers  worldwide.  Aventail’s  Secure  Sockets  Layer  (SSL)  VI 

businesses  connect  different  types  of  remote  users  with  varying  levels  of  access,  security  and  portabi 

■ 

to  you?  Flawless  integration  of  applications.  Faster  time  to  market.  No  obsolescence  or  complex 
solve.  If  you  are  looking  to  improve  the  productivity  of  your  distributed  workforce  or  communic 
Netifice  has  the  flexibility  to  give  you  a  competitive  edge. 


V  ¥ 


^y^f  v'  IAVfeiltSil’s  leading  SSL  VPN  appliances  deliver  secure,  clientless  access  from  anywhere,  to  any  application, 
3HV device,  increasing  productivity,  while  maximizing  security  and  lowering  costs,  www.aventail.com 
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■  9  Qwest  seen  having  eyes  for  XO. 

■  9  Verizon  extending  switched  Ethernet  service. 

■  10  Sun  nabs  StorageTek  in  blockbuster. 

■  10  Microsoft  seeks  to  sync  up  software. 

■  12  HP  set  for  management  barrage. 

■  12  Juniper  adds  IPSec  to  its  SSL  platform. 

■  14  Supercomm  looks  to  build  on  telecom  momentum. 

■  14  MCI  offers  network  protection  service. 

■  59  Vendors  widen  vulnerability  management. 

■  60  Gaining  speed.  Citrix  buys  NetScaler. 
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Home  network  storage  strategies 

Your  music  collection,  home  movies,  photo  album  and  even  TV 
shows  are  being  digitized  and  stored  on  home  networks.  Our 
Network  Life  experts  will  provide  you  with  advice  on  the  best 
ways  to  get  all  of  your  digital  life  bits  into  the  proper  buck 
ets.  Supplement  after  page  16. 
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Breaking  News  Go  online  for  breaking  news  every  day.  DocFinder:  1001 

Online  help  and  advice 


Exclusive 

Moving  to  Mac:  A  one-month  review 

Columnist  Winn  Schwartau  switched  to  a  Mac  one  month  ago 
after  having  it  with  WinTel  security.  Check  out  his  review  of  his 
first  month  as  a  Mac  user  in  his  Security  Awareness  blog. 

DocFinder:  7443 

Peeking  into  Juniper's  future 

Listen  to  CEO  Scott  Kriens  talk  about  the  company's  enterprise 
net  strategy,  its  plans  for  gaining  share  in  enterprise  routing, 
why  a  Cisco  customer  would  want  to  jump  ship  to  Juniper  and 
more  in  our  25-minute  audio  interview. 

DocFinder:  7444 

Network  World  Radio:  Apple's  Mac  OS  X 
10.4 

This  week  we  turn  our  attention  to  the  latest  release  of  the 
Macintosh  operating  system,  Mac  OS  X  10,4  —  or  Tiger  — 
which  was  released  about  a  month  ago.  Joining  the  program  is 
Gordon  Haff,  senior  analyst  at  llluminata  in  Nashua,  N.H. 

DocFinder.  7445 

Network  Life:  Spotlight  on  home  storage 

Get  tips  and  suggestions  on  the  best  ways  to  provide  your  home 
network  clients  (friends,  family  and  neighbors)  the  storage  and 
back-up  protection  they'll  need  to  keep  them  (and  you)  a  happy  net¬ 
work  citizen.  We  offer  advice  on  PC  recycling/repurposing,  ways  to 
stream  media  around  your  house,  tests  and  much  more. 
DocFinder:  7446 


Nutter’s  Help  Desk 

Rrewalls  and  worms 

Help  Desk  guru  Ron  Nutter  offers  suggestions  to  a  reader  who 
asks:  "We  have  a  firewall,  but  have  never  updated  its  software, 
thinking  that  worms/viruses  were  better  addressed  by  our  anti- 
l  virus  software.  How  would  we  update  these  devises,  and  how  often 
do  you  recommend  we  do  so?"  DocFinder  7447 

Home  Base 

Power  point 

i  Columnist  Sandra  Gittlen  offers  power-outage  preparation  tips. 

DocFinder  7448 

j 

Compendium 

Googlebombing  your  way  to  a  good  reputation 

NetworkWorld.com  Executive  Editor  Adam  Gaffin  looks  at  how 
some  companies  use  search  engine  optimization  gone  bad  to 
j  ensure  sites  favorable  to  it  show  up  higher  on  Google  results 
pages. 

DocFinder  7449 
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Small  Business  Tech 

New  e-mail  server  option 

■  Columnist  James  Gaskin  considers  changing  his  view  on  e-mail 
|  self-hosting. 

DocFinder  7450 


The  Net-Box  got  high  marks  for  its  ability  to  let  users 


host  their  own  Web  sites  and  e-mail  servers  but  low 
marks  for  its  half-cooked  applications.  Page  34. 
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VoIP:  Capitalizing  on  convergence 

A  Technology  Tour  and  Expo  packed  with  real-word  data  and  case 
studies  from  leading  companies  and  front-line  colleagues  who've 
successfully  deployed  converged  infrastructures.  The  average 
savings  of  these  early  adopters:  8500,000.  Want  in?  Qualify  and 
you  can  attend  free. 
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Cisco,  Yahoo  team  up  vs.  spam 

■Yahoo  and  Cisco  last  week  announced  they  are  combining  their 
anti-spam  technologies  to  create  a  new  e-mail  authentication  sys¬ 
tem.  Called  DomainKeys  Identified  Mail,  it  will  draw  on  Yahoo’s 
DomainKeys  authentication  technology  and  Cisco’s  Internet 
Identified  Mail. The  technology  will  be  offered  to  other  vendors  on 
a  royalty-free  basis,  the  companies  said. Yahoo’s  DomainKeys  uses 
public-key  cryptography  to  authenticate  a  sender  of  an  e-mail  at  the 
domain  level.The  sending  system  generates  a  signature  and  inserts 
it  in  the  e-mail  header,  and  the  receiving  system  verifies  the  signa¬ 
ture  using  a  public  key  published  in  the  DNS.  Cisco’s  authentication 
technology  also  uses  cryptography  but  associates  the  signature 
with  the  message  itself. 

Microsoft  touting  XML  in  Office  12 

■  Microsoft  last  week  said  that  XML  would  be  the  default  file  format  for  three  applications 
when  it  ships  Office  12  late  next  year.  The  company  said  its  new  Microsoft  Office  Open 
XML  Formats  would  be  supported  in  Word,  Excel  and  FbwerFoint.Those  three  applications 
will  have  new  file  extensions  that  end  with  an  ‘x’  to  designate  they  are  XML-based:  .docx, 
.xlsx  and  .pptx.The  big  picture  for  end  users  is  that  Microsoft  is  trying  to  take  the  shackles 
off  its  desktop  Office  applications  and  use  XML  to  open  the  data  created  within  those 
applications  to  back-end  systems,  such  as  enterprise  resource  planning  and  customer 
relationship  management  applications,  and  to  inject  the  data  into  business  process  work- 
flows.The  XML  file  formats  are  the  first  announced  changes  related  to  “The  New  World  of 
Work”  strategy  that  Microsoft  Chief  Software  Architect  Bill  Gates  laid  out  last  month  at  his 
annual  CEO  Summit. 

Intel  to  demo  WiMAX  technology 

■  Intel  is  expected  to  show  off  a  prototype  for  the  guts  of  a  WiMAX  base  station  this  week 
at  Supercomm  in  Chicago,  aiming  to  help  equipment  vendors  get  started  making  gear  for 
the  high-speed  wireless  standard.The  Glenfield  reference  design  is  Intel’s  first  for  network 
infrastructure  for  WiMAX,  a  technology  strongly  backed  by  Intel  that  is  expected  to  start 
hitting  the  market  by  year-end. The  board  is  built  around  an  Intel  network  processor  for 
media  access  control  functions  and  a  PicoChip  Designs  physical-layer  component.lt  can 
be  customized  by  base-station  vendors  to  meet  their  needs,  according  to  Intel.  Glenfield 
was  built  using  Advanced  Telecom  Computing  Architecture  (ATCA),  which  Intel  has 
aggressively  promoted  as  a  design  standard  for  network  equipment.  Intel  sees  ATCA  tak¬ 
ing  carrier  gear  beyond  the  usually  proprietary  architectures  of  today  to  modular  systems 
that  can  be  developed  more  quickly  and  at  lower  cost  using  components  from  many 
manufacturers.  (See  related  Supercomm  story  page  14.) 

COMPENDIUM 

E-mail  at  birth 

The  Malaysian  state  of  Perak  has  proposed  automatically  giving  newborns  an  e-mail 
address  along  with  a  birth  certificate  as  part  of  a  five-year  communications  and 
technology  strategic  plan.  No  word  on  whether  each  kid  also  will  get  a  My  First 

Computer.  Compendium  is  a  must-read  right  from  birth  at  www.network 
world.com,  DocFinder:  7442. 
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<§> j  Grid  news  for  animals.  Colorado  State  University  iast  week  said 
it  is  piloting  a  national  animal  identification  system  based  on  grid  computing  technology. 
The  project  is  the  first  to  exploit  the  school’s  new  Colorado  Grid  Computing  Initiative, 
which  is  funded  through  more  than  $2  million  in  grants  and  other  monies.  One 
example  of  how  the  ID  system  might  be  used:  for  tracking  cattle,  which  then  could 
be  quickly  identified  in  the  case  of  a  disease  outbreak. 

^  Quantum  leap . . .  backwards?  nec  last  week  said  it  has 

delayed  the  introduction  of  its  first  quantum  cryptography  system  by  three  to  four 
years  because  of  performance  and  cost  issues.  NEC  had  planned  to  start  selling 
the  system  later  this  year.  Quantum  cryptography  is  supposed  to  improve  the 
security  of  data  communications  by  encoding  each  bit  of  the  encryption  key  on 
i  individual  photons. 


Another  reason  to  hate  spam.  Spam  may  be  a  global  problem 


but  it’s  hurting  'Net  users  in  developing  countries  more  than  their  counterparts  in 
industrialized  nations,  according  to  a  new  report  by  the  Organization  for  Economic 
Cooperation  and  Development.  ‘‘[Spam]  is  a  heavy  drain  on  resources  that  are 


McAfee  snaps  up  Wireless  Security 

■  McAfee  last  week  acquired  start-up  Wireless  Security  for  an  undisclosed  sum,  with 
the  intent  of  offering  wireless  security  services  in  the  future.  McAfee  said  it  plans  to 
integrate  Wireless  Security’s  wireless  LAN  authentication  and  encryption  technolo¬ 
gies  into  McAfee  software  in  order  to  provide  a  remotely  managed  security  service 
for  consumers  and  small  businesses  via  the  same  network  operations  centers  where 
McAfee  currently  provides  managed  anti-virus  services. 

German  passports  to  hold  RFID  chip 

■  Germany  has  taken  a  big  step  in  the  battle  against  organized  crime  and  terrorism 
by  unveiling  a  new  passport  with  a  chip  that  contains  biometric  data.  The  country 
plans  to  be  among  the  first  in  Europe  to  issue  biometric  passes, starting  Nov.  l.The 
new  passport,  valid  for  10  years,  will  include  an  embedded  radio  frequency 
identification  (RFID)  chip  that  will  initially  store  a  digital  photo  of  the  passport 
holder’s  face. 

Starting  in  March  2007,  the  holder’s  left  and  right  index  fingerprints  also  will  be 
stored  on  the  chip.The  reasons  for  using  non-contact  RFID  chips  are  twofold:  contact 
points  in  traditional  chip  cards  are  not  designed  for  10  years  of  use;  and  passports 
don’t  fit  in  present  chip-card  readers,  according  to  Germany’s  Federal  Office  for 
Information  Security. 


The  world’s  most-deployed  server 
platform  now  supports  64-bit  applications. 
The  Intel®  Xeon™  processor  now 
works  harder  for  your  business  than  ever. 
With  innovative  platform  features  that  enable 
power-saving  options,  flexible  memory,  I/O  and  storage 
configurations.  And,  of  course,  continued 
support  for  all  your  existing  32-bit  applications. 
How  can  Intel  Xeon  processor-based  servers  serve  you? 

intel.com/go/xeon 

inteL 

©2005  Intel  Corporation.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks 
of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved. 
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Qwest  seen  having  eyes  for  XO 

Source  says  RBOC  sizing  up  smaller  carrier  in  wake  of  MCI  snub. 


XO  Communications 


Location:  Reston.Va. 


Employees:  5,000 


Management:  Carl  Grivner,  president  and  CEO 


Services:  Local  and  long-distance  voice,  Internet  access,  private 
data  (private  line  and  Ethernet),  hosting,  managed  firewall,  VPN 
and  bundled. 


Network:  16,000  fiber  mile  OC-192  IP  backbone;  1.16  million  metro 
fiber  miles  in  40  cities. 


Fast  facts:  The  company  was  formed  in  1994  and  was  formerly 
known  as  Nextlink  Communications,  it  changed  its  name  to  XO 
Communications  in  2000.  It  emerged  from  bankruptcy  in  2003. 


■  BY  CAROLYN  DUFFY  MARSAN 
AND  JIM  DUFFY 

Qwest  is  reportedly  sizing  up  XO 
Communications  as  a  possible 
takeover  target,  a  source  says. 

Speculation  that  Qwest  might 
pursue  XO  and  other,  smaller  ser¬ 
vice  providers  surfaced  after 
Qwest  lost  out  to  Verizon  in  its  bid 
for  MCI.  Observers  at  that  time 
said  Qwest  might  look  to  acquire 
a  smaller  carrier  with  nationwide 
facilities,  a  focus  on  enterprise 
customers  and  little  debt  —  such 
as  one  that  has  emerged  from 
Chapter  11  bankruptcy  XO,  Global 
Crossing  and  Broadwing  have 
done  so. 

A  source  says  Qwest  was  per¬ 
forming  due  diligence  on  XO  last 
week  as  a  precursor  to  perhaps 
making  an  offer  for  the  carrier. 
Qwest  and  XO  declined  to  com¬ 
ment  on  “rumor  and  speculation.” 

Analysts  say  the  union  makes 
sense.  Qwest  CEO  Dick  Notebaert 
has  said  the  carrier  would  be 
looking  to  accumulate  smaller 
assets  after  losing  out  on  MCI,  in¬ 
cluding  those  divested  by  SBC 
and  Verizon  as  they  integrate 
acquired  carriers  AT&T  and  MCI, 


respectively 

“Qwest  has  been  saying  that 
they  would  look  to  collect  similar 
local  assets  and  business  cus¬ 
tomers  by  buying  smaller  compa¬ 
nies,”  says  Donna  Jaegers,  an  ana¬ 
lyst  at  Janco  Partners.  “It  makes 
sense.  XO’s  got  fiber  in  37  markets 
—  they  have  about  3,000  build¬ 
ings  on  fiber.  They  have  a  lot  of 
collocation  facilities  with  the 
local  phone  companies,  and  they 
got  that  by  buying  Allegiance 
[Telecom] .” 

XO  last  year  outbid  Qwest  for 
Allegiance.  XO  has  1.16  million 
metropolitan  fiber  miles  through¬ 
out  40  major  U.S.  cities,  including 
the  30  largest. 

“It’s  very  consistent  with  what 
[Notebaert]  said,” says  Jeffrey  Hal- 
pern  of  Sanford  Bernstein,  which 
hosted  a  conference  last  week  at 
which  Notebaert  spoke  and  reit¬ 
erated  plans  to  “roll  up”  smaller 
assets. 

“He  has  two  problems:  He  has  a 
scale  problem  and  he  has  an 
access  problem,” he  says.“What  he 
said  during  and  following  his  pre¬ 
sentation  was  that  he  believes 
consolidation  remains  necessary 
and  that  Qwest  is  likely  to  be  an 


active  member  in  driving  that; 
and  that  the  probable  strategy  is  a 
roll-up  strategy  —  there  isn’t  one 
acquisition  that  solves  the  prob¬ 
lem.  You  could  assemble  a  set  of 
assets  that  could  be  competitive 
with  an  AT&T  and  an  MCI  in  the 
enterprise  space.” 

Thomas  Nolle,  president  of  con¬ 
sultancy  CIMI,  says  he  has  heard 
the  Qwest/XO  due  diligence 
reports,  as  well. 

“It  kind  of  makes  sense,”  he  says. 
“The  near-term  strategy  for  them 
is  probably  to  try  to  build  up  their 
mass  and  credibility  so  that  it  at 


least  looks  like  they’re  trying  to  be 
an  independent  player” 

And  of  the  rumored  Qwest  tar¬ 
gets  —  XO,  Global  Crossing, 
Broadwing  and  Level  3  — “XO  is  a 
lower  apple,”  Nolle  says. 

“The  only  concern  I  have  about 
XO  is  that  I’m  not  sure  they  bring 
that  much  to  the  table.  In  addition 
to  not  having  maybe  a  lot  of  extra 
breadth,  Ethernet-type  services  — 
which  is  what  XO’s  been  princi¬ 
pally  known  for  —  isn’t  exactly 
rocket  science,  and  Qwest  could 
deploy  it  on  their  own.  So  I’m  not 
100%  sure  what  they  think  they’re 


buying  in  the  process. They’re  just 
essentially  picking  up  some  cus¬ 
tomers,  picking  up  some  data 
sales  expertise  in  some  critical 
areas.” 

In  March,  XO  retained  Jefferies 
&  Co.  to  present  strategic  alterna¬ 
tives  based  on,  among  other 
things,  the  competitive  environ¬ 
ment  of  the  telecom  industry,  the 
current  regulatory  environment, 
and  the  recent  and  pending 
mergers  and  acquisitions  in  the 
industry  XO  says  it  is  considering 
Jefferies’  report. 

Calls  to  Jefferies  were  not  re¬ 
turned  by  press  time. 

XO’s  market  capitalization  is 
$404  million.  Revenue  for  the 
first  quarter  of  this  year,  ended 
March  31,  was  $361.5  million, 
an  increase  of  39%  from  the  first 
quarter  of  last  year.  Consolidated 
net  loss  for  the  first  quarter  of 
this  year  was  $42.9  million,  an 
improvement  of  $5.6  million 
compared  with  a  net  loss  of  $48.5 
million  in  the  same  period  last 
year. 

In  addition  to  its  metropolitan 
fiber,  XO  has  an  OC-192  IP  back¬ 
bone  with  OC-12  uplinks  in  its 
markets  and  data  centers.B 


Verizon  extending  switched  Ethernet  service 


■  BY  JIM  DUFFY 

Verizon  this  month  plans  to  announce 
enhancements  to  its  switched  Ethernet  ser¬ 
vice  designed  to  make  it  more  reliable  for 
enterprise  applications. 

Verizon  is  expected  to  add  class-of-ser- 
vice  features  to  its  switched  Ethernet  LAN 
and  Ethernet  virtual  private  line  services, 
which  are  predominantly  used  for  enter¬ 
prise  branch-office  site-to-site  communi¬ 
cation.  The  service  costs  $900  to  $1,000 
per  month  for  10M  bit/sec  throughput, 
seven  times  the  bandwidth  of  a  1.5M 
bit/sec,  $400-  to  $500-per-month  frame 
relay  T-l, says  Mike  Tighe, Verizon  product 
manager. 

Verizon  plans  to  offer  three  levels  of 
class-of-service,  all  backed  by  stringent  ser¬ 
vice-level  agreements  (SLA),  for  Ethernet 
LAN  and  Ethernet  virtual  private  line: 

•  Standard,  a  best-effort  service  for  e- 
mail  and  Internet  surfing. 

•  Priority,  which  offers  throughput  guar¬ 
antees  akin  to  frame  relay  committed 
information  rate,  for  CRM  and  ERP  appli¬ 
cations. 

•  Real-Time,  for  voice  and  video. 

For  each  class,  Verizon  is  offering  SLAs 


on  data  delivery  latency  and  jitter  (see 
graphic).  Should  Verizon  not  meet  its  SLA 
guarantees,  preliminary  information  pro¬ 
vided  by  the  carrier  states  that  it  will  offer 
users  a  20%  credit  on  the  monthly  recur¬ 
ring  cost  of  the  service. 

Some  analysts  say  adding  class-of-ser¬ 
vice  will  enable  Verizon  to  make  up  rev¬ 
enue  on  the  low  price-per-bit  of  Ethernet. 

“What  Verizon  is  trying  to  do  is  figure  out 
exactly  what  combination  of  features  and 
capabilities  create  an  optimum  Ethernet 
offering,”  says  Thomas  Nolle,  president  of 
consultancy  CIMI. “There’s  a  lot  of  interest 
in  Ethernet  right  now  among  the  enter¬ 
prises,  but  it’s  predicated  on  there  being  a 
conspicuous  cost  advantage  relative  to 
the  current  access  technologies.”  (See 
related  story,  page  30.) 

Verizon  could  be  the  first  incumbent 
carrier  to  offer  Ethernet  with  three  distinct 
classes  of  service.  Among  the  RBOCs, 
BellSouth  offers  a  premium  Metro 
Ethernet  service  with  guaranteed  band¬ 
width  minimums,  bursting,  virtual  LAN 
stacking  and  SLAs.  Qwest  offers  an  ATM 
unspecified  bit  rate  class-of-service  for  its 
LAN  Switching  Service,  and  99.95%  SLAs 
for  its  Metro  Optical  Ethernet  offerings. 


Among  the  interexchange  carriers, 
AT&T  guarantees  network  availability 
from  99.9%  to  99.99%,  depending  on  how 
it  provisions  each  connection,  for  its 
Ethernet  Switched  Service  metropolitan- 
area  network.  MCI  offers  100%  availability 
latency  under  55  millisec  and  delivery  of 
at  least  99.5%  of  packets  for  its  Internet 
Dedicated  Ethernet  service;  and  100% 
network  availability  for  on-net  traffic  and 
99.8%  for  off-net  traffic  for  its  U.S.  Private 
Line  Ethernet  and  Metro  Private  Line 
Ethernet  services. 

Verizon  plans  a  number  of  other  signifi¬ 
cant  enhancements  to  its  Ethernet  ser¬ 
vices  and  infrastructure  over  the  next  year. 

Virtual  Private  LAN  Services  is  slated  for 
2006, Tighe  says.This  technology  would  let 


it  offer  Ethernet  LAN  on  a  national  scale. 

Verizon’s  current  inter-LATA  Ethernet 
offering  is  National  Transparent  LAN 
Services,  a  point-to-point  “Ethernet  virtual 
circuit”  service. 

Verizon  also  is  scheduled  to  provide 
SONET-level  access  to  switched  Ethernet 
services  late  this  year  or  early  next  by 
adding  IEEE  802.17  Resilient  Packet  Ring 
technology  to  its  SONET  rings.  RPR  will 
enable  Verizon  to  extend  Ethernet  LAN 
into  its  Enhanced  Dedicated  SONET  Ring 
service, Tighe  says. 

Resiliency  will  be  augmented  by  offer¬ 
ing  a  protected  access  line  for  switched 
Ethernet,  which  extends  two  fibers  from 
an  Ethernet  switch  into  the  customer’s 
premises.  ■ 
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Sun  nabs  StorageTek  in  blockbuster 


The  companies  combined 

Sun’s  acquisition  of  StorageTek  will  result  in  an  expanded 
portfolio  of  data  management  and  protection  products. 


Sun 

StorageTek 

2004  revenue 

$11.2  billion 

$2.2  billion 

2004  net  income 

$651  million 

$191  million 

Cash/short  term 

investments 

$7.4  billion 

$4.5  billion 

Employees 

32,000 

7,100 

Products 

Servers,  disk  storage, 

Tape  automation,  disk 

storage  management 

storage,  storage  manage 

software 

ment  and  ILM  software 

■  BY  DENI  CONNOR 

Looking  to  stem  losses  and  sig¬ 
nificantly  boost  its  data  protec¬ 
tion,  management  and  storage 
wares,  Sun  last  week  dug  deep 
and  acquired  Storage  Technol¬ 
ogy  (StorageTek)  for  $4.1  billion. 

Sun  blamed  its  StorEdge  stor¬ 
age  product  line  partly  for  weak 
financial  results  reported  in 
April. Sun  posted  a  net  loss  of  $61 
million  for  the  quarter  ending 
March  27.  Company  executives 
said  one  problem  was  that  the 
rate  at  which  customers  pur¬ 
chase  Sun’s  storage  products, 
along  with  servers,  had  dropped 
over  the  last  three  quarters.  Sun 
competitors,  such  as  IBM,  have 
been  selling  storage  devices  with 
servers,  but  Sun  has  lagged  in 
that  market. 

Though  Sun  created  the  Net¬ 
work  File  System  (NFS)  protocol 


used  in  the  network-attached 
storage  market,  it  is  widely  rec¬ 
ognized  that  the  company  has 
not  matched  the  success  of 
competitors  IBM  and  HP  at  sell¬ 
ing  storage  products  with  its 
server  systems. 

Meanwhile, StorageTek  and  Sun 
had  a  close  relationship  before 
the  acquisition.  StorageTek  had  a 
continuing  OEM  agreement  with 
Sun,  starting  in  1999.  Sun  has 
been  StorageTek’s  largest  OEM 
partner,  offering  StorageTek 
libraries  under  Sun’s  StorEdge 
brand,  according  to  StorageTek. 

Sun  CEO  Scott  McNealy  says 
the  acquisition  might  just  be  the 
beginning.  “Sun’s  technical  and 
financial  strength  puts  us  in  a 
great  position  to  act  as  a  con¬ 
solidator  in  the  [IT]  industry  he 
says.  With  StorageTek  “we  have 
an  end-to-end  capability”  from 
the  development,  creation,  cap¬ 


ture,  management,  storage  and 
archiving  of  data,  he  says. 

Industry  reaction 

“It  certainly  fills  out  Sun’s  stor¬ 
age  offerings  —  they  will  now  be 
able  to  control  tape  library,  as 
well  as  drive  offerings,”  says 


Randy  Kerns,  senior  analyst  for 
the  Evaluator  Group.  StorageTek’s 
tape  products  accounted  for  77% 
of  its  revenue  in  2004. 

This  acquisition  also  will  give 
Sun  a  sales  and  support  chan¬ 
nel  the  company  didn’t  have, 
analysts  and  users  say.  Through 


the  acquisition,  Sun  will 
acquire  a  more  than  1,000-per¬ 
son  salesforce. 

“Even  though  it  is  going  to  take 
Sun  some  time  to  rationalize  all 
the  storage  products  between 
the  two  companies,  the  most 
important  thing  it  accomplishes 
for  Sun  is  providing  them  with  a 
sales  and  pre-sales  technology 
force  that  can  actually  under¬ 
stand  and  can  sell  storage,”  says 
Stephanie  Balaouras,  senior  ana¬ 
lyst  at  The  Yankee  Group. 

Gordon  Haff,  senior  analyst  for 
Illuminata,  adds:  “It  seems  as  if 
Sun  was  trying  to  leverage  their 
existing  salesforce  to  a  large 
degree  to  sell  storage.  And  it 
wasn’t  working.  They’ve  been 
adding  storage  specialists  but  it’s 
hard  to  gain  critical  mass  with 
onesy-twosy  additions.” 

Ron  Godine,  manager  of  IS 
operations  for  Royal  Appliance 
of  Glenwillow,  Ohio,  says  the  deal 
will  benefit  him,  particularly  in 
light  of  Sun’s  past  sales  efforts. 

“Some  of  Sun’s  storage  has 
been  faltering  badly”  Godine 
says.  “Sun  has  always  wanted  to 
make  an  impact  in  storage,  but 
they  quite  honestly  need  a  sales¬ 
force  —  that’s  one  of  the  troubles 
we’re  getting  into  —  we  are 
only  seeing  mom  and  pop  local 
places  that  do  it  all  and  none  of 
it  well  in  addressing  enterprise- 
class  customers.” 

“It’s  probably  the  right  direc¬ 
tion  for  Sun,”  Godine  says.  “The 
move  is  consistent  in  that  it  will 
make  Sun  more  competitive 
with  Dell,  HR  who  have  strong 
server,  storage  and  services 
strategies.”While  Godine  has  no 
StorageTek  products,  he  has 
plenty  of  Sun  servers. 

Still,  others  say  this  wasn’t  the 
deal  they  expected  Sun  to  make. 

Chris  Foster,  a  storage  analyst  at 
Technology  Business  Research, 
called  the  deal  “a  step  back¬ 
ward”  because  Sun  recently  has 
been  heading  into  the  services 
market  —  while  StorageTek  is 
more  of  a  legacy  storage  and 
back-up  vendor. 

“I  expected  Sun  to  make  an 
acquisition  in  professional  ser¬ 
vices  or  software,  and  I  don’t 
think  StorageTek  fits  that  profile.  If 
they  were  going  to  spend  $4  bil¬ 
lion,  I  thought  they  would  have 
bought  a  software  company” 
he  says. 

John  Blau ,  a  correspondent  with 
the  IDG  News  Service,  contributed 
to  this  story. 


Microsoft  seeks  to  sync  up  software 

New  versions  of  SQL  Server,  Visual  Studio  to  highlight TechEd  conference. 


■  BY  JOHN  FONTANA 

Microsoft  this  week  will  use  its  annual 
TechEd  conference  to  give  IT  executives  a 
clearer  picture  on  how  it  plans  to  integrate 
its  developer  tools  and  Windows  infrastruc¬ 
ture  in  hopes  of  supplying  the  uptime  and 
security  that  corporations  demand  from 
their  networks. 

The  focus  of  the  conference  will  be  SQL 
Server  2005  and  Visual  Studio  2005,  which 
were  supposed  to  ship  more  than  a  year  ago. 
Microsoft  is  expected  to  announce  that  the 
two  pieces  of  software  will  ship  on  Nov.  8. 

SQL  Server  2005  and  Visual  Studio  2005  are 
linked  by  many  complementary  features  that 
will  let  IT  build  and  support  business-process 
applications. 

Microsoft  CEO  Steve  Ballmer,  who  will 
deliver  the  opening  keynote  address  to  an 
anticipated  11,000  attendees,  also  will  intro¬ 
duce  updates  to  Microsoft’s  Visual  Studio 
Tools  for  Office.  The  tools  let  companies  cre¬ 
ate  document-centric  applications  using 
Word  and  Excel. 

Both  announcements  highlight  how  Micro¬ 
soft  hopes  to  foster  tighter  bonds  between 
those  that  maintain  IT  infrastructure  and 
those  that  build  applications  that  run  on  top 
of  it. 

“Microsoft  is  going  to  try  and  pull  everything 
together  with  Visual  Studio  so  it  is  the  one  tool 
that  can  be  used,  in  theory  to  easily  develop 
for  just  about  every  Microsoft  product  you  can 
imagine,”  says  Joe  Wilcox,  an  analyst  with 
Jupiter  Research.  “This  is  a  good  opportunity 
for  Microsoft  to  rally  the  troops  as  it  marches 
toward  its  2005  server  milestones  and  its  2006 


desktop  milestones.”  Those  desktop  mile¬ 
stones  are  centered  on  Longhorn,  which  is 
expected  to  ship  next  year. 

“Historically,  we  have  talked  about  server 
and  tool  products  to  IT  pros  in  somewhat  of 
a  siloed  wajf  says  Martin  Taylor,  general  man¬ 
ager  of  platform  strategy  for  Microsoft.“We  left 
it  up  to  them  to  figure  out  some  of  the  bene 
fits  of  integration,  and  so  now  we  are  trying  to 
talk  about  the  integrated  scenarios.”Those  see 
narios  center  on  infrastructure,  management, 
security  and  Web  services. 

Microsoft  also  will  focus  on  other  upcoming 
releases  such  as  BizTalk  Server  2006  and 
Commerce  Server  2006,  which  along  with  SQL 
Server  and  Visual  Studio  are  part  of  Microsoft’s 
Connected  Systems  infrastructure. 

“One  thing  that  you  do  see  from  Microsoft 
these  days  is  that  they  know  they  have  chal¬ 
lenges  on  many  fronts,”  says  Laura  DiDio,  an 
analyst  with  The  Yankee  Group.  “They  have 
challenges  from  Linux  and  other  competitors 
in  other  areas.They  have  challenges  from  their 
own  customer  base  because  it  is  demanding 
more  functionality  more  reliability  and  higher 
security  I  think  you  have  to  give  them  credit 
for  stepping  up  to  the  plate,  and  they  are  start¬ 
ing  to  deliver.” 

At  the  conference,  Microsoft  is  expected  to 
ship  the  long-awaited  Windows  Server  Up¬ 
dates  Services  (WSUS),  a  free  enterprise 
server  for  downloading  patches,  and  launch 
Microsoft  Update,  a  Microsoft  Web  site  that 
hosts  patches  for  download. 

Microsoft  also  plans  to  demonstrate  a  com¬ 
bination  of  WSUS,  the  System  Management 
Server  Inventory  tool  for  Microsoft  Update 
and  the  Microsoft  Baseline  Security  Analyzer 


(MBSA)  2.0,  a  scanning  tool  expected  to  ship 
in  30  days. 

Microsoft  will  use  the  conference  to  clarify 
its  product  releases  and  road  map  since  it  is 
facing  thousands  of  customers  that  will  have 
to  decide  this  year  on  re-signing  billions  of 
dollars’  worth  of  Volume  Licensing  and 
Software  Assurance  contracts  set  to  expire 
this  year. 

In  addition  to  Microsoft,  many  of  the  268 
third-party  partners  attending  the  show  will 
make  announcements.  Advanced  Systems 
Concepts  is  set  to  release  ActiveBatch  Wire¬ 
less,  a  Java  application  that  allows  for  job 
scheduling  and  management  from  a  Black- 
Berry  device.  Configuresoft  is  scheduled  to 
release  Enterprise  Configuration  Manager  4.7, 
which  includes  Unix  and  Linux  support  along 
with  compliance,  rollback  and  uninstall  fea¬ 
tures.  Ecora  is  expected  to  introduce  its  multi¬ 
platform  Change  and  Configuration  Manage¬ 
ment  Suite,  a  combination  of  its  Enterprise 
Auditor,  Patch  Manager  and  Provisioning 
Manager  software.  Shavlik  Technologies  is  set 
to  introduce  three  products:  HFNetChkPro  for 
Solaris,  which  was  scheduled  to  ship  June  1; 
NetChk  Spyware,  which  is  in  beta;  and  Shavlik 
Security  Agents  5.  PatchLink  is  scheduled  to 
announce  integration  of  its  PatchLink  Update 
software  with  Microsoft’s  MBSA  2.0.B 
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See  how  HP  Services  and  HP  Compliance  Solutions  can  help  you  by  downloading 

IDC’s  Identity  Management:  A  Growing  Player  in  the  Regulatory  Compliance  Challenge  at  hp.com/info/openview 
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HP  to  release  mgmt  barrage 

Company  to  unveil  products  in  its  OpenView  and  ProCurve  lines. 


Switch  surveillance 

HP  ProCurve  Manager  Plus  2.0  software  helps  customers 
keep  tabs  on  their  edge  devices  and  take  actions  based 
on  events  collected  from  third-party  systems. 


The  software  monitors  the  health  and  status  of  switches.  In  the 
|ir»rp  jr  i  event  of  a  problem,  such  as  a  virus  spreading,  the  software  can 
♦  gggjgjjt  shut  down  a  port  based  on  events  received  from  an  IDS. 
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Network  managers  using  ProCurve  Manager  Plus  can  collect,  monitor 
and  change  device  configurations  on  a  one-to-many  basis  using  the 
software’s  Web-based  application, 


i-UtuywM*  i 


Juniper 
adds  IPSec 
to  its  SSL 
platform 

■  BY  TIM  GREENE 

Juniper  is  upgrading  its  remote 
access  platform  to  support  IPSec 
or  SSL  sessions,  deciding  on  the 
fly  which  technology  is  better 
suited  for  the  current  connection. 

This  is  the  first  time  a  remote 
access  vendor  has  incorporated 
both  IPSec  and  SSL  transport  in 
an  agent  that  is  downloaded  to  a 
remote  machine  at  the  time  of 
connection.  The  agent  over¬ 
comes  the  objection  that  IPSec 
requires  a  separately  installed 
client  on  remote  machines. 
Juniper  says  it  first  tries  IPSec 
because  that  technology  has  less 
inherent  delay  than  SSL  and  so 
provides  better  performance. 

As  remote  users  try  to  connect 
over  the  Internet  to  a  Juniper  SSL 
VPN  box  at  the  edge  of  a  busi¬ 
ness  network,  the  device  sends 
down  a  dual  agent.  If  the  IPSec 
connection  is  blocked,  as  can 
occur  across  network  devices 
that  swap  private  IP  addresses  for 
public  ones,  the  software  will  fall 
back  to  an  SSL  connection, 
which  can  generally  get  through 
these  network  address  transla¬ 
tion  devices. 

“This  way  you  can  have  your 
choice  of  the  better  one  to  use, 
but  the  end  user  doesn’t  have  to 
figure  out  which  connection  to 
make,”  says  Zeus  Kerravala,  an 
analyst  with  The  Yankee  Group. 

Nortel  and  other  vendors  have 
gateways  that  support  SSL  and 
IPSec  but  require  a  pre-installed 
client  on  remote  machines  for 
IPSec  connections. 

In  addition,  Juniper  is  adding 
XML  rewrite  capabilities  to  the 
platform  to  make  it  possible  to 
reach  applications  with  XML- 
based  content. 

The  company  is  upgrading  its 
host-checker  software  that 
scans  remote  computers  before 
allowing  them  to  connect  to  a 
VPN  to  make  sure  they  meet 
security  policies.  If  an  end-user 
machine  fails  a  policy,  the  soft¬ 
ware  can  specify  to  the  user 
why  the  machine  failed  and 
redirect  it  to  a  site  where  the 
problem  can  be  fixed.  The  host 
checker  then  re-evaluates  the 
machine.  Before,  the  software 
just  told  the  end  user  where  to 
go  to  download  fixes.* 


■  BY  DENISE  DUBIE 

HP  this  week  is  set  to  unveil 
products  designed  to  help  cus¬ 
tomers  better  manage  compli¬ 
ance  across  their  network  infra¬ 
structure  and  monitor  service-ori¬ 
ented  applications  from  develop¬ 
ment  to  deployment. 

HP  will  introduce  two  Open- 
View  management  software 
applications  at  its  15th  annual 
user  conference,  the  HP  Software 
Forum,  which  the  vendor  co¬ 
hosts  with  independent  user  or¬ 
ganization  OpenView  Forum  In¬ 
ternational.  HP  expects  some 
1,750  OpenView  users  to  attend, 
and  industry  watchers  say  the 
show  offers  HP  the  opportunity 
to  pitch  long-term  strategies  to 
customers  who  primarily  use  a 
few  OpenView  products. 

“HP  wants  to  help  customers 
expand  their  use  of  existing 
OpenView  technologies  beyond 
the  core  offerings,  and  the  com¬ 
pany  wants  to  attract  new  kinds 
of  IT  buyers,  not  just  network 
managers,”  says  Dennis  Drogseth, 
a  vice  president  at  market  re¬ 
search  firm  Enterprise  Manage¬ 
ment  Associates. 

HP  says  its  OpenView  software 
brings  in  the  majority  of  the  rev¬ 
enue  for  the  software  division.  HP 
last  month  reported  second  quar¬ 
ter  software  revenue  at  $277  mil¬ 
lion,  an  increase  of  23%  over  last 
year,  with  OpenView  revenue  in¬ 
creasing  36%.  Yet  the  software 
division  still  reported  an  operat¬ 
ing  loss  of  $6  million,  compared 
with  a  loss  of  $52  million  in  the 
same  period  last  year.  The  com¬ 
pany  attributes  that  to  costs  asso¬ 
ciated  with  six  acquisitions  and 
their  subsequent  integration. 

HP  says  OpenView  products 
such  as  Network  Node  Manager, 
Operations  and  Service  Desk 
account  for  most  of  the  revenue, 
and  the  group  is  working  to  sell 
newer  OpenView  offerings,  such 
as  Automation  Manager,  into  cur¬ 
rent  accounts  to  become  prof¬ 
itable  by  the  fourth  quarter. 

The  new  applications,  Compli¬ 
ance  Manager  and  SOA  Manager, 
might  draw  in  a  more  executive- 
level  buyer,  which  could  help  HP 
peddle  its  Adaptive  Enterprise 
strategy  into  larger  accounts. 
Adaptive  Enterprise  is  HP’s  over¬ 
arching  plan  to  incorporate  hard¬ 
ware,  software  and  services,  and 
integrate  them  to  help  customers 
quickly  respond  to  changing 


resource  needs. 

The  software  applications 
could  provide  short-term  benefits 
for  large  enterprise  users,  says 
Jasmine  Noel,  a  principal  analyst 
at  Ptak,  Noel  &  Associates.  For 
example,  the  software  would  pro¬ 
vide  enterprise  IT  departments 
with  a  way  to  correlate  preset 
policies  —  laid  out  in  help  desk 
and  workflow  products  —  to 
actual  events  captured  in  config¬ 
uration  files  and  monitoring 
tools.The  product  also  reports  the 
findings  in  non-technical  terms 
for  auditors. 

“Compliance  Manager  links  to 
a  bunch  of  IT  products  to  col¬ 
lect  compliance-related  data,“ 
she  says. 

Compliance  Manager  software 
installs  on  a  server  and  uses  data- 
mining  technology  borrowed 
from  HP’s  OpenView  Perfor¬ 
mance  Insight  Manager  software 
to  collect  information  from  multi¬ 
ple  servers, applications  and  third- 
party  systems.  The  data  collected 
is  compared  against  preset  poli¬ 
cies,  and  Compliance  Manager 
can  take  actions  to  correct  non- 
compliant  systems  with  a  patch, 
for  example,  made  possible  by 
software  distribution  technology 
HP  acquired  last  year. 

SOA  Manager  uses  a  combina¬ 
tion  of  server,  distributed  agent 
and  integration  platform  software 


to  help  application  developers 
build  management  into  Web  ser¬ 
vices  and  SOA  applications,  and 
to  enable  IT  operations  staff  to 
better  monitor  application  perfor¬ 
mance  once  deployed,  HP  says. 
The  software  would  help  IT  staff 
better  map,  or  relate,  business  ser¬ 
vices  to  software  assets  in  the 
SOA,  says  Jason  Bloomberg,  a 
senior  analyst  with  ZapThink. 

“SOA  Manager  could  help  IT 
managers  get  a  complete  picture 
of  the  application  and  provide 
an  active  management  system 
from  development  to  monitor¬ 
ing,"  he  says. 

Compliance  Manager  is  ex¬ 
pected  to  be  generally  available 
in  September  and  pricing  will 
tentatively  start  at  $250,000.  SOA 
Manager  costs  $10,000  per 
agent,  $22,000  per  Web  services 
management  broker  and 
$25,000  per  management  inte¬ 
gration  platform. 

Separately,  HP’s  ProCurve  Net¬ 
working  group  this  week  plans  to 
introduce  a  switch  series,  unveil 
upgrades  to  its  switch  manage¬ 
ment  software  and  detail  free 
updates  to  its  ProCurve  5300x1 
switches  and  its  ProCurve  Wire¬ 
less  Access  Point  420  series. 

HP  says  its  ProCurve  Routing 
Switch  9400sl  series  will  provide 
enterprise  customers  with  the 
ability  to  roll  out  high  perfor¬ 


mance  and  high  availability  Giga¬ 
bit  and  10  Gigabit  switches  at  a 
lower  cost  than  competitors 
Cisco  and  Extreme  Networks. 

According  to  the  Dell’Oro 
Group,  based  on  port  shipments, 
HP  ranked  No.  2  behind  only 
Cisco  in  the  worldwide  modular 
Gigabit  Ethernet  switch  market  in 
the  fourth  quarter  of  2004. 

The  9400sl  series  provides  32 
wirespeed  10  Gigabit  ports,  32 
10G  Ethernet  ports  per  chassis, 
320  wirespeed  gigabit  ports,  480 
gigabit  ports  per  chassis  and  IPv6 
support. 

“HP  is  trying  to  sell  a  network, 
just  like  Cisco,  so  they  need  a 
diverse  range  of  products  to  do 
that,”  says  Jean  Kaplan,  an  associ¬ 
ate  research  analyst  with  IDC.The 
9400sl  series  is  part  of  their  initia¬ 
tive  to  help  customers  with  large 
data  files  that  create  a  lot  of  traffic 
get  gigabit  speeds  to  the  desktop.” 

HP  upgraded  its  ProCurve 
Manager  2.0  and  ProCurve 
Manager  Plus  2.0  software  with  a 
new  user  interface,  automated 
update  features  and  access  secu¬ 
rity  enhancements  (see  graphic). 
For  example,  the  software  now 
supports  SNMPv3,  Secure  Shell 
and  Radius  authentication.  Pro- 
Curve  Manager  ships  with  all  HP 
ProCurve  switches  and  lets  users 
configure  and  manage  switch  set¬ 
tings  from  a  Windows-based  PC. 
ProCurve  Manager  Plus  is  an  en¬ 
hanced  version  that  is  purchased 
as  an  upgrade. 

HP  also  will  upgrade  its  5300 
series  at  no  cost  with  automatic 
Internet  Control  Message  Proto¬ 
col  throttling,  which  HP  says  re¬ 
duces  denial-of-service  attacks 
from  affecting  network  availabil¬ 
ity  HP’s  ProCurve  Wireless  Access 
Fbint  420  series  also  features  new 
capabilities  that  support  industry 
standards  such  as  IEEE  802.1  li, 
802. IX  Extensible  Authentication 
Protocol  and  Wi-Fi  Protected  Ac¬ 
cess  pre-802.11i  implementation 
for  backward  compatibility 

Pricing  for  the  9400sl  series 
starts  at  $310,000  and  the  prod¬ 
ucts  are  expected  to  be  available 
in  August.  ProCurve  Manager  2.0 
and  ProCurve  Manager  Plus  2.0 
are  also  expected  later  this  sum¬ 
mer.  ProCurve  Manager  Plus  2.0 
has  a  starting  price  of  $3,100.The 
no-cost  software  enhancements 
for  the  ProCurve  5300x1  Switch 
series  and  Wireless  Access  Fbint 
420  series  are  planned  to  be  avail¬ 
able  soon.* 
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Supercomm  looks  to  build 
on  telecom  momentum 


■  BY  JIM  DUFFY  AND  TIM  GREENE 

Supercomm  organizers  this  year  hope  to  build  on 
the  telecom  revival  evident  at  last  year’s  conference. 

This  year’s  show  will  see  more  significant 
announcements  from  key  vendors  —  Cisco,  Lucent, 
Juniper,  Sun,  Avici,  Riverstone  Networks  and  others 
—  as  well  as  important  technology  demonstrations 
intended  to  prove  that  next-generation  services  are 
ready  for  prime  time. 

Supercomm  2004  saw  sharp  hikes  in  attendance, 
exhibitors  and  exhibition  space  from  2003.  Riding 
that  momentum,  this  year’s  show  will  see  exhibitor 
count  and  exhibition  space  up  slightly  from  last 
year,  while  attendance  is  expected  to  be  flat:  30,000 
attendees  set  to  peruse  the  offerings  of  667 
exhibitors  —  67  more  than  last  year  —  laid  out  on 
309,000  square  feet  of  real  estate, up  9,000  from  2004. 

On  the  enterprise  business  side,  the  white-hot  ser¬ 
vice  is  Ethernet  as  a  replacement  for  leased  lines.  For 
consumers,  it’s  IPTV  coming  to  a  fiber  near  you  as 
telcos  and  cable  companies  jockey  for  your  remote. 

Infonetics  and  1DC  expect  worldwide  Ethernet  ser¬ 
vices  to  grow  at  a  com¬ 
pound  annual  rate  better 
than  50%  over  the  next  four 
or  five  years.  1DC  says  it  will 
grow  from  $3  billion  in  2003 
to  $19  billion  in  2007;  and 
Infonetics  pegs  growth  to 
$22  billion  in  2009  from  $2.5 
billion  in  2004. 

Ethernet  also  will  be  used  to  carry  video  into 
homes  as  IPTVTelcos  are  embarking  on  multibillion- 
dollar  fiber  buildouts  to  carry  high-speed  interactive 
TV  into  homes.  This  will  necessitate  multimillion- 
dollar  investments  in  Gigabit  passive  optical  net¬ 
work  equipment  that  is  Ethernet  friendly 

“The  two  are  in  many  ways  related,”  says  Thomas 
Nolle,  president  of  consultancy  CIMI.  “If  the  RBOCs 
could  lower  the  cost  of  Ethernet  substantially  by  tak¬ 
ing  advantage  of  the  same  infrastructure  as  is  used 
for  IPTV  to  get  the  economies  of  scale,  then  they 
could  lower  the  price  of  Ethernet  enough  to  make  it 
really  attractive  and  still  earn  as  much  profit  on  it  as 
they  would  have  on  SONET.” 

Market  tracker  MRG  says  the  number  of  IPTV  sub¬ 
scribers  will  grow  from  2  million  in  2004  to  25  mil¬ 
lion  in  2008.While  those  numbers  are  not  staggering, 
the  revenue  opportunity  they  represent  is  more 
impressive:  Subscriber  revenue  of 
$635  million  in  2004  will  grow  to 
$7.2  billion  in  2008,  according  to 
MRG. 

Service  providers  are  spending 
more  overall  this  year,  as  well. 

North  American  service  pro¬ 
viders’  capital  expenditures  are 
projected  to  increase  5%  to  $61 
billion  in  2005,  according  to  Info¬ 
netics  Research. 

Much  of  the  spending  is  targeted 
at  iP/MPLS  routers  and  Ethernet 
switches  for  the  Ethernet/IPTV 
opportunity  Vendors  are  respond¬ 
ing  accordingly 

Juniper,  for  example,  plans  to 


introduce  a  router  at  Supercomm  designed  for 
high-density  Ethernet  aggregation  to  deliver  multi- 
media  broadband  services,  such  as  IPTV,  to  a  large 
number  of  subscribers.  Scaling  from  100G  to  320G 
bit/sec  of  capacity  the  E320  supports  up  to  128,000 
subscribers.  Juniper  also  is  rolling  out  a  High- 
Density  Ethernet  (HDE)  line  module  that  provides 
eight  ports  of  Gigabit  Ethernet  per  slot  and  an  “ATM 
plus  Ethernet”  line  module  designed  to  help  ease 
migration  from  ATM  access  to  next-generation 
Ethernet  access  networks. 

Riverstone  also  is  looking  to  assist  service  pro¬ 
viders  in  migrating  from  ATM  to  Ethernet.The  com¬ 
pany  is  enhancing  its  15008  Ethernet  Edge  Router 
with  packet-over-SONET  and  ATM  interfaces  to  let 
service  providers  extend  Ethernet  services  over 
legacy  networks,  and  vice  versa. 

The  new  modules  include  an  eight-port  FbS  line 
card  that  supports  multi-rate  OC3c/12c/48c  on  any 
port,  to  a  maximum  capacity  of  2xOC48.They  also 
include  a  four-port  packet-over-SONET/ATM  card 
supporting  dual-mode  operation  and  multi-rate 
OC3c/12c/48c  on  any  port,  up  to  lxOC-48. 

Riverstone  also  is  set  to 
unveil  a  96-port  10/100M 
bit/sec  Ethernet  card,  and 
announce  support  for 
Layer2/3  VPNs  and  IPv6  on 
the  15008. 

Turin  Networks  is  sched¬ 
uled  to  unveil  a  “next-gener¬ 
ation  Ethernet”  module  for  its  Traverse  SONET  trans¬ 
port  systems  targeted  at  IPTV  and  Carrier  Ethernet 
service  applications.  The  NGE  supports  four  Gigabit 
Ethernet  links  and  16  10/100M  bit/sec  Ethernet 
ports,  and  is  designed  to  provide  improved  service 
resiliency  and  protection. 

Key  Ethernet/IPTV  demonstrations  are  expected 
to  include  the  Metro  Ethernet  Forum’s  display  of  its 
Carrier  Ethernet  specifications  for  Ethernet  scalabil¬ 
ity  protection,  “hard”  QoS  guarantees,  TDM  support 
and  service  management;  and  the  Optical  Internet¬ 
working  Forum’s  demonstration  of  a  distributed  opti¬ 
cal  control  plane  interoperating  among  seven  ser¬ 
vice  providers  for  Ethernet-over-SONET/SDH  adap¬ 
tation  and  automated  provisioning. 

Other  scheduled  announcements  include: 

•  Microsoft’s  pact  with  Sylantro  Systems  to  inte¬ 
grate  its  applications  with  Sylantro  Systems’ VoIP 
technology  to  create  richer  collaboration  ser¬ 
vices  that  carriers  can  sell. 
Microsoft  is  also  announcing  an 
agreement  to  develop  interfaces 
between  its  products  and  Am- 
doc’s  operations  and  business 
support  systems. 

•  Cisco’s  introduction  of  the 
Cisco  Distributed  Denial  of  Serv¬ 
ice  Protection  product,  a  hardware 
and  software  bundle  that  enables 
service  providers  to  deliver  man¬ 
aged  DDoS  protection. 

•  Sun’s  rollout  of  its  Open 
Service  Delivery  Platform  Solu¬ 
tions  Program  to  help  telecom 
service  providers  deliver  new 
services.  ■ 


■  See  why  Ethernet  promises  better 
bandwidth  and  lower  costs.  PAGE  30. 


More  online! 


Attend  a  Network  World  event  packed  with 
case  studies  from  leading  companies  and 
front-line  colleagues  who've  successfully 
deployed  converged  infrastructures. 

DocFinder:  6928 


MCI  offers  network 
protection  service 

■  BY  DENISE  PAPPALARDO 

MCI  this  week  is  expected  to  officially  launch  its  WAN  Defense  dis¬ 
tributed  denial-of-service  detection  and  mitigation  service  aimed  at 
helping  keep  networks  safe  from  attacks  that  can  bring  services  to  a 
grinding  halt. 

Like  competitors  AT&T  and  Sprint,  MCI  is  offering  users  a  fully  man¬ 
aged  service  that  proactively  detect  attacks  before  a  customer’s  net¬ 
work  is  taken  out  by  malicious  distributed  DoS  assaults. 

MCI  is  using  Arbor  Networks’  PeakFlow  SP  network  behavior  anom¬ 
aly-detection  products  to  pick  up  on  distributed  DoS  attacks  and 
Cisco’s  Guard  XT  device  to  mitigate  these  attacks. 

MCI  has  deployed  three  Arbor  devices  throughout  its  network  in 

the  U.S.  that  create  a  baseline  for 
irregular  traffic  on  MCI’s  IP  net¬ 
work  and  flag  suspicious  traffic, 
says  Chris  Sharp,  vice  president  of 
security  architecture  at  MCI. 
Those  flags  are  then  sent  to  MCI’s 
security  operations  center  (SOC), 
and  the  tainted  traffic  is  sent  to 
one  of  the  carrier’s  mitigation 
centers,  where  the  packets  are 
scrubbed. 

Sharp  says  that  MCI  also  notifies 
the  ISP  where  the  distributed  DoS 
attack  traffic  is  originating,  or  the 
carrier  immediately  blocks  that 
traffic  if  it  originates  from  its  own 
network. 

MCI  has  been  working  on  the 
service  for  months  and  expected 
to  offer  it  in  April  (www.network 
world.com,  DocFinder:  7439),  but 
the  carrier  said  it  took  extra  time 
to  integrate  some  of  NetSec’s 
security  features  with  the  service. 
MCI  acquired  managed  security 
service  provider  NetSec  in  Jan¬ 
uary  for  $105  million  (DocFinder: 
7440). 

The  carrier  is  using  NetSec’s 
Finium  risk  assessment  and  forensic  analysis  platform  with  its  WAN 
Defense  service  so  MCI  can  better  react  to  distributed  DoS  attacks, 
Sharp  says.  Finium  is  similar  to  AT&T’s  Aurora  threat  management  sys¬ 
tem,  which  AT&T  is  currently  testing  with  two  of  its  customers 
(DocFinder:  7441). 

MCI  says  it  plans  on  integrating  Finium  with  other  MCI  security 
services  that  it  expects  to  announce  in  the  next  six  months,  Sharp 
says.  He  didn’t  say  which  services  would  be  integrated. 

Dallas-based  Affiliated  Computer  Services  (ACS)  has  been  using 
MCI’s  WAN  Defense  service  for  three  months,  says  Don  Liedtke, 
senior  vice  president  of  emerging  markets  at  the  business  process 
outsourcer  and  IT  outsourcing  company 

ACS,  which  is  a  Fortune  500  business  and  competes  with  compa¬ 
nies  such  as  EDS,  is  using  WAN  Defense  for  its  corporate  WAN,  as 
well  as  for  its  customers  that  use  MCI  IP  connectivity,  Liedtke  says. 

“[Distributed]  DoS  is  a  problem  from  time-to-time.  We  have  not 
had  a  lot  of  problems,  but  they  are  a  nuisance,”  Liedtke  says.  “We 
wanted  a  preventative  measure  in  place;  who  knows  what’s  around 
the  corner.” 

Liedtke  says  ACS  also  looked  at  anti-distributed  DoS  offerings 
from  AT&T  and  Sprint,  and  is  likely  to  deploy  multiple  services  to 
support  all  of  its  outsourcing  customers,  including  Brother 
International,  Delta  Airlines  and  the  state  of  Montana. 

WAN  Defense  is  available  for  $200  up  to  $69,000  per  month  (see 
chart  above).  The  carrier  also  includes  a  handful  of  service-level 
agreements  with  the  offering.  ■ 


Cost  of  fighting 
DDoS  attacks 

MCl’s  WAN  Defense  service 
can  be  purchased  solo  or 
bundled  with  the  carrier’s 
mitigation  support  Here’s 
how  much  it  costs: 


Stand-alone  service* 

Bandwidth 

T-1, 1.544M  bit/sec 
T-3, 45M  bit/sec 
OC-48,  2.488G 
bit/sec 

Bundled  version* 

Bandwidth 

500M  bit/sec 
3G  bit/sec 


Monthly 

fee 

$200 

$2,000 

$69,000 


Monthly 

fee 

$3,500 

$14,250 


•INCLUDES  ONE-TIME  SETUP  FEE  OF  $200  TO 
$2,500  FOR  STAND-ALONE  SERVICE;  $1,000  FOR 
8UNDLED  VERSION. 
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SQL  Server  2000  processes  over  89,001 
more  line  items  per  hour  than  Oracle  in 
a  SAP  four-p  ocessor  benchmar  . 


See  the  results  of  the  benchmark  or  find  a 
Microsoft  Certified  Partner  at  microsoft.com/sql 
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Under  attack 

Iowa  State  University  recently  hosted  the  Cyber  Defense  Competition,  which  challenged 
students  to  defend  against  mock  network  attacks.  The  project  used  a  high-speed 
network  called  the  Internet-Simulation  Event  and  Attack  Generation  Environment 
(ISEAGE),  which  is  something  of  a  miniature  version  of  the  Internet.  Judges  were 
connected  to  the  network  so  they  could  monitor  the  competition.  Synthetic  traffic 
was  generated  that  made  attack  traffic  harder  to  spot. 


Fiber  links 


Racks  contain  a 
Netgear  Gigabit 
Ethernet  switch, 
16  diskless 
motherboards 
and  a  file  server. 


Netgear  eight-port  hub 
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64 1G  bit/sec  Ethernet 
links,  any  range  of  IP 
addresses 
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Miniature 

continued  from  page  1 

says  Iowa  State  University  Pro¬ 
fessor  of  Computing  Doug 
Jacobson,  who  heads  up  the 
project,  which  is  funded  primar¬ 
ily  by  the  Department  of 
Justice.“We’lI  look  at  attack 
tools  and  defense  mechanisms. 
Our  goal  is  to  have  this  as  a 
point  where  organizations  can 
test  security  paradigms.” 

The  school  last  year  snagged  a 
half-million  dollar  grant  from 
the  Justice  Department,  with 
another  $700,000  promised  for 
this  summer,  to  build  the  minia¬ 
ture  Internet.  Agriculture  and 
construction  equipment  manu¬ 
facturer  John  Deere  also  kicked 
in  $30,000.  Iseage,  basically  a 
collection  of  PCs,  servers  and 
switches  using  custom-designed 
software  to  simulate  routers  and 
network  nodes,  was  ready  for  its 
first  game  of  Beat  the  Hacker 
last  month  (see  diagram). 

Iowa  State’s  Cyber  Defense 
Competition  pitted  teams  of 
university  students,  who 
defended  Web  sites,  mainly  of 
their  own  design,  against  secu¬ 
rity  professionals  playing  the 
part  of  attacker. 

“My  role  was  to  break  in  and 
crash  their  servers,” says  Adam 
Kaufman,  information  security 
analyst  for  the  state  of  Iowa  in 
Des  Moines.“It  gave  them  a 
taste  of  what  an  attack  is  like." 

The  Web  sites  being  defended 
ran  on  Windows,  Unix  and  open 


source  operating  systems.  Some 
of  the  students  who  protected 
the  sites  used  the  Snort  intru¬ 
sion-detection  system,  and 
assorted  firewalls.  Competition 
organizers  supplied  content  for 
the  Web  sites. 

The  competition,  which  lasted 
for  20  consecutive  hours,  began 
by  having  Red  Team  attackers 
use  scanning  tools,  such  as 
nMap  freeware,  to  find  out  each 
student  team’s  software  configu¬ 
rations  and  determine  where 
weaknesses  might  lie. 

“I  also  used  the  Web  Inspect 
scanner  to  find  a  vulnerability 
in  a  PHP  page,  for  instance,” 
Kaufman  says.“One  team  had  a 
server  that  allowed  us  to  run 


commands  on  it.  Or  we  could 
upload  files.” 

The  scoring  for  the  competi¬ 
tion  proceeded  —  as  in  golf  — 
by  adding  up  points  for  mis¬ 
takes,  making  the  lowest  score 
the  winner. 

“The  winning  team  recog¬ 
nized  the  attack  before  the 
other  ones,”  Kaufman  says.“You 
had  to  send  e-mail  to  the  judges 


to  let  them  know  you  saw  what 
was  happening.  Some  teams 
didn’t  even  recognize  we  had 
broken  into  their  server’’ 

“We  were  supposed  to  config¬ 
ure  the  Web  server  to  be  secure, 
but  mistakes  allowed  them  to 
run  Linux  commands  on  our 
server’’ says  Iowa  State  student 
Sean  Howard,  who  was  part  of 
the  winning  team. 

“They  managed  to  get  in  and 
send  a  few  e-mails,”  says 
Howard,  who  last  month  gradu¬ 
ated  with  a  bachelor’s  degree  in 
computer  engineering  and  in¬ 
tends  to  study  information 
assurance  on  a  graduate  level. 
Overall,  the  battle  on  Iseage  pro¬ 
vided  many  lessons  about  how 


it  would  feel  to  have  to  defend 
a  corporate  network,  he  says. 

Red  Team  members  crashed 
servers  many  times,  and  one 
student  team  took  its  server 
offline  to  fix  a  vulnerability. 
Under  the  rules,  the  only  offen¬ 
sive  disallowed  was  a  distrib¬ 
uted  denial-of-service  attack 
(DoS),  Kaufman  says. 

Larry  Brennan,  information 
security  officer  for  the  state  of 
Iowa,  who  was  a  competition 
judge,  says  the  experience  was 
fascinating,  especially  observing 
the  students’  attempts  to  ward 
off  the  array  of  attacks. 

“One  Red  Team  had  used  a 
printer  to  launch  an  attack,” 
Brennan  says.“The  students 
were  amazed,  saying: ‘Even  that 
printer  betrayed  us.’” 

While  Iowa  State  plans  to 
have  additional  Cyber  Defense 
Competitions,  the  university 
also  wants  to  see  Iseage  used 
for  more  than  just  fun  and 
games. 

Jacobson,  also  the  founder 
and  CTO  at  Palisade  Systems, 
says  there’s  a  commercial  need 
to  be  able  to  model  the  com¬ 
plexities  of  real-world  Internet 
attacks. 

“There  hasn’t  been  a  test  bed 
like  this  before,  with  the  excep¬ 
tion  of  the  Deter  test  bed  at  the 
University  of  Berkeley,  which 
was  funded  by  the  Department 
of  Homeland  Security  to  focus 
on  [distributed]  DoS,” Jacob¬ 
son  says. 


Deter,  short  for  the  Cyber 
Defense  Technology  Experi¬ 
mental  Research,  has  a  number 
of  vendors,  including  McAfee, 
participating  in  it. 

Palisade  donated  to  Iseage 
one  of  its  PacketSure  appli¬ 
ances  for  monitoring  network 
activity  usage  while  an  attack  is 
in  progress.  For  an  as-yet  un¬ 
specified  fee,  Iowa  State  will 
make  Iseage  available  to  organi¬ 
zations  for  modeling  their  net¬ 
works  for  defensive  purposes. 
The  test  bed  is  expected  to  be 
used  by  the  state  of  Iowa  to  find 
out  how  its  network,  as  recreat¬ 
ed  on  Iseage,  might  hold  up  to 
various  attacks  under  different 
defense  scenarios. 

“Everybody  has  had  labs 
where  you  can  do  testing,” 
Kaufman  says. 

“But  here,  you  can  use  real 
Internet  addresses  and  you 
don’t  have  to  change  anything. 
You  can  look  exactly  like  you’re 
on  the  Internet,”  he  adds.  ■ 


Got  great  ideas 


■  Got  a  suggestion  for  a 
Wider  Net  story?  An  offbeat 
network  industry-related 
topic?  A  fascinating  personali¬ 
ty  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown@nww.com. 


Our  goal  is  to  have  this  as  a  point 
where  organizations  can  test  security 
paradigms. M 

Doug  Jacobson 

Professor  of  computing,  Iowa  State  University 
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3Com  quarantines  malicious  traffic 


3Com's  new  5500  switches  support  high-density  Power  over  Ethernet  and  act  as  enforcement 
points  for  its  TippingPoint  Intrusion  Prevention  System. 


■  BY  TIM  GREENE 

3Com  this  week  will  introduce  software 
that  uses  switches  as  enforcement  points  to 
shut  down  attacks  on  business  networks, 
making  it  possible  for  users  to  quarantine 
infected  machines  that  propagate  mali¬ 
cious  code. 

New  software  for  the  company’s 
TippingPoint  Intrusion  Prevention  System 
lets  the  IPS  intervene  if  individual 
machines  violate  security  policies.  The 
package  requires  no  dedicated  quarantine 
client  on  each  device,  which  would  require 
administration  time  to  distribute,  configure 
and  maintain. 

The  new  software  can  apply  security  poli¬ 
cies  to  an  IP  device  on  the  network  includ¬ 
ing  servers,  desktops,  PDAs,  IP  phones  and 


■  Nortel  is  offering  a  fix  for  a  vulner¬ 
ability  that  could  let  an  attacker  crash 
its  VPN  routers  with  a  single  mal¬ 
formed  packet.  The  denial-of -service 
vulnerability,  reported  by  Internet 
security  testing  company  NTA 
Monitor  affects  several  models  in  the 
Nortel  VPN  Router  line,  formerly 
known  as  Nortel  Contivity.  NTA  char¬ 
acterized  the  vulnerability  as  serious, 
and  Nortel  gave  it  "major  priority"  sta¬ 
tus.  An  attacker  could  cause  the 
routers  to  reboot  or  to  crash  by  send¬ 
ing  a  single  IKE  (Internet  Key 
Exchange)  packet  with  a  malformed 
ISAKMP  (Internet  Security  Associa¬ 
tion  and  Key  Management  Protocol) 
header,  according  to  NTA.  In  testing, 
most  routers  restarted  —  which 
takes  about  5  minutes  —  and  some 
required  manual  intervention  to  be 
restarted,  NTA  reported.  The  vulnera¬ 
bility  affects  every  product  in  the  VPN 
Router  600, 1000, 2000,  4000  and  5000 
lines.  Nortel  recommends  upgrading 
those  systems  to  Version  5.05.200  of 
the  software,  which  was  released  last 
month,  or  to  install  the  patched  ver¬ 
sions  of  the  version  4.76,  4.85, 4.90  or 
5.00  software,  which  will  be  made 
available  in  June,  according  to  a 
Nortel  security  bulletin. 


printers.  When  devices  log  on  to  the  net¬ 
work  via  3Com’s  automatic  media  access 
control  (MAC)-based  Radius  Authenticated 
Device  Access  (RADA),  it  grants  access  to 
authorized  virtual  LANs  and  QoS  on  the 
network. 

Other  vendors  are  making  similar  efforts 
to  block  attacks  and  minimize  any  damage. 
Alcatel  and  third-party  intrusion  detection 
vendors  team  to  use  the  company’s 
Automated  Quarantine  Engine  in  Alcatel 
switches.  Nortel’s  switches  also  support 
third-party  intrusion-detection  systems. 
Cisco’s  Clean  Access  software  imposes  sim¬ 
ilar  restrictions.  Enterasys’  Automated 
Security  Manager  quarantines  traffic  via  its 
switches. 

The  3Com  quarantine  software  works 
with  any  vendor’s  switches,  but  3Com  says 
response  time  for  taking  enforcement 
action  is  faster  with  3Com  switches  by  a 
matter  of  seconds,  but  has  no  specific 
numbers  to  support  the  claim. 

With  3Com’s  gear,  when  a  device  con¬ 
nects  to  the  network,  its  MAC  address  and  IP 
address  are  logged,  as  well  as  what  switch 
port  the  device  is  connected.  If  the  IPS  iden¬ 
tifies  the  device  as  generating  malicious 
traffic,  the  TippingPoint  IPS  can  trigger 
remedial  action  such  as  shutting  down  the 
switch  port  or  redirecting  the  machine  to  a 
secure  VLAN  that  displays  a  Web  page 
explaining  what  has  happened  and  what 
action  the  user  should  take.  For  instance, 
the  page  might  say  the  machine  has  been 
infected  by  a  virus  and  to  contact  the  help 
desk. 

The  software  is  an  upgrade  to  current 
TippingPoint  IPS  and  ships  with  new 
orders. 

3Com  also  is  announcing  a  new  switch 
family  the  5500  series  stackable  switches, 
and  the  7750  modular  switch  chassis. 

The  5500  series  includes  both  10/100M 
bit/sec  and  Gigabit  Ethernet  models  and 
comes  with  either  24  or  48  ports.  The  giga¬ 
bit  platform  supports  Power  over  Ethernet 
(PoE),as  well  as  fiber  connections. 

The  boxes  come  with  two  different  soft¬ 
ware  loads,  standard  and  enhanced.  The 
enhanced  versions  enable  stacking  eight 
of  the  switches  rather  than  two  and  sup¬ 
ports  link  aggregation  to  create  larger  logi¬ 
cal  links  and  to  support  redundancy  The 
devices  also  have  one  slot  for  an  IPv6 
router. The  slot  also  can  support  a  wireless 
switch,  reducing  the  need  for  a  separate 
device. 

These  switches  are  similar  to  high-density 
stackables  from  Enterasys,  Extreme 


Networks  and  Nortel.They  add  PoE  support 
in  the  3Com  line,  something  it  lacked  in 
high-density  switches,  says  Steve  Schu- 
chart,  an  analyst  with  Current  Analysis. 

Customers  adding  switches  to  their  net¬ 
works  that  don’t  include  wireless  or  VoIP 
might  want  to  add  them  and  seek  the 
assurance  that  they  can  get  it  without  re¬ 
placing  all  their  switches  again,  he  says. 
“Not  every  customer  is  going  to  buy 
[PoE] ,  but  you’ve  got  to  have  it,”  he  says. 

The  7750  modular  switch  supports  48- 
port  10/100  or  Gigabit  Ethernet  cards  and 


■  BY  CARA  GARRETSON 

IronPort  Systems  this  week  announced  a 
new  version  of  its  e-mail  security  appliance 
for  large  organizations  that  can  process  up 
to  1  million  messages  per  hour. 

Called  the  X1000  and  priced  starting  at 
$90,000,  this  mail  transfer  agent  is  tuned  to 
offer  the  high  performance  that  large  com¬ 
panies  and  ISPs  need,  says  Tom  Gillis,  Iron- 
Part’s  senior  vice  president  for  worldwide 
marketing.  In  addition,  the  new  appliance 
offers  protection  from  inbound  and  out¬ 
bound  e-mail  abuses  such  as  spam,  viruses, 
and  phishing  through  the  included 
Reputation  Filters  that  rate  the  sending  his¬ 
tory  of  a  given  IP  address. 

The  Reputation  Filters  use  IronPort’s 
SenderBase  database  that  tracks  e-mail 
being  sent  over  the  Internet  and  can  flag 
suspicious  activity  such  as  addresses  that 


comes  in  a  four-slot  and  a  seven-slot  ver¬ 
sion.  So  the  smaller  version  can  deliver  PoE 
to  144  ports  and  the  larger  to  288  ports. 
Schuchart  describes  this  as  a  PoE  update 
for  the  3Com  7700  switch,  and  says  it  lacks 
a  redundant  management  card, something 
that  was  available  with  the  7700.  “If  you’re 
considering  doing  telephony  with  a  switch, 
you  want  redundancy’ he  says. 

3Com  also  is  announcing  upgrades  to  its 
Enterprise  Management  System  that  sup¬ 
ports  role-based  access  to  management 

See  3Com,  page  20 


send  bursts  of  mail  in  a  short  amount  of 
time. 

Also  available  are  third-party  filters  for 
virus  protection  from  Sophos  and  Syman¬ 
tec,  as  well  as  spam  protection  from 
Symantec’s  Brightmail  division  that  are 
sold  separately 

IronPort  has  included  with  the  XI 000 
DomainKey  e-mail  authentication  technol¬ 
ogy  that  was  developed  by  Yahoo,  Gillis 
says.  This  technology  authenticates  an  e- 
mail’s  sender  by  using  public  and  private 
keys  to  match  the  content  of  a  sent  mes¬ 
sage  with  one  stored  on  the  senders  server, 
verifying  the  sender  is  who  he  says  he  is. 

The  process  of  matching  public  and  pri¬ 
vate  keys  is  a  simple  DNS  look  up,  Gillis 
says,  but  can  affect  how  quickly  mail  sent 
using  DomainKeys  is  processed.  IronPort 
has  tuned  the  performance  of  the  X1000  to 
See  IronPort  page  20 
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In  an  astonishingly  short  time, “broad¬ 
band”  has  evolved  to  mandatory  “utili¬ 
ty”  status  for  many  households  —  espe¬ 
cially  those  that  serve  as  temporary  or  per¬ 
manent  “branch  offices”  for  businesses 
large  and  small.  After  electricity  and  water, 
the  broadband  connection  is  often  the 
next  most  vital  resource.  Yet,  for  all  its  im¬ 
portance,  users  have  little  visibility  into  it 
beyond  knowing  whether  it  is  on  or  off. 

Unfortunately,  while  this  level  of  knowl¬ 
edge  is  sufficient  for  water  and  electricity  it 
isn’t  for  broadband.  Most  of  the  time  we’ve 
chosen  which  level  of  service  to  purchase, 
yet  we  have  absolutely  no  way  of  knowing 
whether  we  are  getting  what  we  pay  for. 

Put  another  way  —  the  service  provider 
guarantees  to  bill  us  the  higher  amount  if 


Broadband  service  providers  keeping  secrets? 


we  “upgrade”  while  simultaneously  notify¬ 
ing  us  that  in  no  way  are  they  obligated  to 
deliver  any  service  level  greater  than  “on.” 

Herewith  the  footnote  from  my  current 
provider:  “Adelphia  does  not  guarantee 
speeds,  as  the  speed  of  the  Adelphia 
Broadband  Service  provided  to  you  at  your 
site  will  vary  depending  upon  your  com¬ 
puter  and  associated  equipment,  Internet 
traffic  and  associated  equipment,  and 
other  factors.” 

For  business  users  trying  to  be  productive 
from  a  small  office-home  office  (SOHO) 
office  these  “factors”  are  too  important  to 
be  dismissed  with  a  footnote. 

While  we’ll  grant  that  the  service  provider 
can’t  be  held  responsible,  if  it  can’t  be  held 
responsible  for  its  part  of  the  edge,  who 
can? 

Given  that  we  have  alternatives  —  many 
U.S.  locations  can  have  their  pick  of  DSL  or 
cable  modem  —  it  would  be  nice  to  have 
some  data  about  the  infrastructure  and  its 
performance. 

Without  such  data,  I  imagine  many  follow 


my  pattern.  I  install  cable  modem  service 
because  the  installation  period  is  three 
days  instead  of  three  weeks.  Then,  when  I 
get  tired  of  15-second  response  time  for 
loading  simple  Web  pages,  I  order  up  DSL 
to  replace  cable. 

Given  that  the  service-level  agreement 
(SLA)  is  a  non-SLA,  my  choice  appears 
either  to  switch  providers  or  acquiesce  to 
“whatever”  I  happen  to  get  —  good,  bad  or 
indifferent. 

For  all  I  know,  my  poor  response  time  is 
because  the  kid  next  door  is  an  unwitting 
high-speed  LimeWire  file  server  to  the 
globe.They  used  to  say  that  users  of  shared 
services  like  cable  would  see  performance 
degrade  when  the  neighborhood  kids  got 
home  from  school.  Now  with  peer-to-peer, 
you  can  experience  (perhaps)  that  some 
degraded  performance  24/7. 

So  service  providers,  how  about  some 
hard  facts?  How  come  cable  users  can’t 
find  out  how  many  other  users  they  are 
“sharing”  with?  Why  is  it  a  secret?  Are  you 
underprovisioned  and  don’t  want  us  to 


find  out?  Never. 

What  are  you  doing  to  protect  us  from 
having  incessant,  peer-to-peer  transfers  of 
mega-files  from  crushing  our  SoHo  pro¬ 
ductivity?  Given  the  insidious  nature  — 
and  massive  popularity  —  of  programs 
such  as  LimeWare  the  offending  party  is 
likely  not  even  aware  that  they  are  causing 
the  problem. 

When  the  water  company  sees  a  con¬ 
stant  flow  of  water,  it’s  smart  enough  to 
know  that  something  is  not  right. 

When  the  data  pipe  streams,  it  goes  unno¬ 
ticed.  We  know  that  this  data  exists  and 
even  a  little  data  mining  could  help  spot 
intentional  or  unintentional  bandwidth 
abuse  and,  ultimately  improve  quality  for 
the  overall  customer  base. 

Service  providers,  set  me  straight.  What 
am  1  missing  here? 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktoIly@tolly.com. 


Aruba  corrals  foreign  wireless  LAN  clients 


■  BY  JOHN  COX 

Users  can  corral  foreign  wireless  LAN 
clients  trying  to  connect  to  corporate  net¬ 
works,  and  grant  them  limited  access  to 
specific  resources,  using  new  software 
from  Aruba  Wireless  Networks  and  Sygate. 

The  Client  Integrity  Module  software 
announced  last  week  lets  companies  con¬ 
trol  WLAN  access  by  unmanaged  WLAN 
clients, such  as  a  notebook  or  PDA  brought 
on-site  by  a  supplier,  contractor,  salesper¬ 
son  or  other  visitor.  If  these  foreign  devices 
pass  inspection,  they  can  be  given  con¬ 
trolled  access  to  specific  resources.  If  they 
fail,  they  can  be  blocked  or  shunted  to  a 


3Com 

continued  from  page  19 

functions  and  logging  of  rules  changes 
that  can  be  used  for  auditing  to  meet  reg¬ 
ulatory  requirements  such  as  the  Health 
Insurance  Portability  and  Accountability 
Act  and  the  Sarbanes-Oxley  Act.  The  plat¬ 
form  also  supports  improved  integration 
with  umbrella  management  systems  such 
as  Tivoli,  OpenView  and  Unicenter,  mak¬ 
ing  it  simpler  to  manage  multiple  thou¬ 
sands  of  devices. 

The  10/100  models  ship  this  month;  the 
gigabit  models  ship  in  September.  Non- 
PoE  10/100  switches  range  from  $2,500  to 
$4,500,  and  from  $3,800  to  $6,500  for  PoE. 

Non-PoE  gigabit  switches  range  from 
$6,000  to  $11,000  and  from  $7,500  to 
$13,500  for  PoE. 

The  7700  chassis  costs  $1 ,800  to  $4,0005, 
switch  cards  cost  $5,000,  and  a  48-port 
gigabit  card  costs  $5,000.B 


quarantine  site  to  get  the  needed  anti-virus 
upgrades  or  security  patches. 

Aruba  worked  with  Sygate  to  incorporate 
the  Sygate  On-Demand  Agent  into  the 
Aruba  switch  operating  system,  linking  the 
agent  with  Aruba’s  built-in  stateful  firewall. 
When  the  switch  detects  an  unmanaged 
client,  it  can  activate  the  client’s  Web 
browser  and  download  the  Sygate  agent, 
which  is  about  500K  bytes. 

The  agent  scans  the  client,  based  on  one 
or  more  policies  created  by  an  administra¬ 
tor.  It  can  check  for  up-to-date  anti-virus 
software  from  vendors  such  as  McAfee, 
Norton  and  Trend  Micro,  for  personal  fire¬ 
walls,  for  Windows  XP  patches  and  soft¬ 
ware  updates,  for  specific  system  registry 
values,  and  even  for  specific  files.  The 
results  of  the  scan  are  sent  back  to  the 
switch.  The  switch  can  adjust  the  firewall 


settings,  to  control  what  the  client  can 
access,  and  download  additional  mod¬ 
ules,  such  as  a  Sygate  program  that  cleans 
browser  and  file  caches. 

Network  administrators  set  up  the  system 
using  a  Sygate  PC  program,  called  On- 
Demand  Manager,  selecting  the  detailed 
information  the  agent  is  to  check  for  such 
as  the  McAfee  anti-virus  software.  The 
result  is  compiled  into  an  XML  file, which  is 
then  loaded  on  each  Aruba  switch  in  the 
WLAN.  Separately,  the  administrator  works 
on  the  designated  Aruba  master  switch  to 
set  up  the  corresponding  firewall  policies. 
This  process  involves  creating  rules,  such 
as  “if  the  anti-virus  check  fails,  redirect  the 
client  to  the  following  location  to  get  the 
latest  anti-virus  update.” 

The  switch,  using  802.  IX  authentication 
and  Microsoft  Group  Policy  Objects,  can 
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be  able  to  handle  these  look-ups  without 
performance  degradations,  he  says. 

The  company  will  make  DomainKey 
technology  available  to  users  of  its  other 
appliances  through  an  upgrade  to  its  oper¬ 
ating  system  called  AsyncOS.This  upgrade 
will  be  available  during  the  second  half  of 
the  year  at  no  additional  charge  for  existing 
users  with  service  plans. 

While  DomainKey  technology  would 
provide  an  extra  level  of  protection  from 
messaging  abuses,  it  might  be  overkill  for 
some  users.  Corestaff  Support  Services,  a 
temporary  and  permanent-staffing  compa¬ 
ny,  is  content  running  IronFbrt’s  C60  appli¬ 
ance  to  protect  its  2,000  users  from  spam. 


“We’re  very  happy  with  the  Brightmail  and 
SenderBase  parts.  Obviously  it  doesn’t  get 
everything,  but  [spam]  isn’t  a  pain  point  for 
us  right  nowj’ says  Donald  Murphy  manager 
of  Corestaff’s  technology  support. 

Although  IronFbrt  will  make  DomainKey 
technology  available  across  its  product 
line,  the  company  continues  to  support 
other  sender-authentication  initiatives, 
including  SenderlD.  Gillis  recommends 
companies  employ  both  because  two  tech¬ 
nologies  go  about  verifying  a  sender’s  iden¬ 
tity  in  different  ways.  While  DomainKey 
focuses  on  authenticating  the  content  of  a 
message  to  verify  its  sender,  SenderlD  is 
designed  to  check  the  sender’s  IP  address. 

IronFbrt  competes  with  e-mail  appliance 
vendors  including  CipherTrust,  Proofpoint 
and  BorderWare.B 


distinguish  between  managed  clients,  for 
example,  a  corporate  notebook  config¬ 
ured  for  the  network,  and  an  unmanaged 
client,  such  as  an  employee’s  personal 
notebook  or  PDA,  according  to  Merwyn 
Andrade,  Aruba’s  CTO. 

The  key,  he  says,  is  that  the  unmanaged 
devices  will  lack  a  digital  certificate,  and 
will  be  unknown  to  the  network.  Once  the 
Aruba  switch  gains  that  information,  it 
can  start  the  process  of  downloading  the 
Sygate  agent. 

The  Sygate  modules  that  now  are  part  of 
Release  2.5  of  the  agent,  and  included  in 
the  Aruba  offering,  include  one  for  block¬ 
ing  malicious  code  execution,  for  detect¬ 
ing  keystroke  loggers,  and  a  secure  virtual 
desktop. 

The  virtual  desktop  creates  on  the  client 
a  temporary  space  for  working  with 
specific  confidential  data.  The  desktop 
encrypts/decrypts  data,  limits  what  appli¬ 
cations  can  be  used  with  it,  and  whether 
and  how  the  data  can  be  saved. 

This  is  Sygate’s  first  such  deal  with 
a  WLAN  switch  vendor.  Aruba  seems  to 
be  the  first  WLAN  vendor  to  incorporate 
third-party  client  scanning  software  in  an 
effort  to  control  access  by  unmanaged 
clients.  Aruba  competes  with  Trapeze 
Networks,  Symbol  Technologies  and 
Cisco/ Airespace. 

The  Client  Integrity  Module  has  a  starting 
price  of  $500  per  switch,  for  the  entry-level 
Aruba  8004  four-port  device.  B 
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The  Cure  For  the 
Common  Dead  Spot 


RangeMax™ 

■  Wireless  Router  WPN824 
•  USB  2.0  Adapter,  WPN1 11 

■  PC  Card,  WPN51 1 

■  PCi  Adapter,  WPN3 1 1 


A  home  wireless  network  can  be  a  real  headache,  but  now  you  can  get  instant  relief  with 
RangeMax™  from  NETGEAR®.  The  RangeMax  Smart  MIMO  (Multi-In,  Multi-Out)  technology 
family  of  wireless  products  is  the  perfect  prescription  for  those  annoying  dead  spots  you 
encounter  in  your  home,  and  from  the  interference  generated  by  microwave  ovens, 
cordless  phones,  or  even  your  neighbor's  wireless  network. 
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3X 

of  a  standard 802.  7  1g 


20  Feet 


MIMO-G  speeds  throughout  your 
home  with  RangeMax 


With  up  to  1  OX  greater  wireless  coverage  than  standard  802.1 1  g,  and  with  7  internal 
antennas  that  instantly  adapt  to  interference  and  physical  barriers,  RangeMax  ensures  your 
wireless  network  goes  faster  and  farther  -  reaching  corners  of  your  home  that  standard  G 
and  Super  G  simply  can't  reach.  It’s  also  optimized  for  easy,  automatic,  installation,  using 
NETGEAR's  Smart  Wizard™.  RangeMax  is  100%  compatible  with  existing  802.1 1  b/g 
products,  helping  you  get  the  most  out  of  your  wireless  network.  To  learn  more,  visit 
www.netgear.com/go/rangemax  and  bring  those  ailing  dead  spots  to  an  end. 
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Wl  r  I  was  younger,  storing  a  lOM-byte 

computer  game  on  my  father’s  PC 
drove  him  nuts.  “Computer  storage 
space  should  be  saved  for  more  valu¬ 
able  files,”  he  would  tell  me.  1  can  only 
imagine  what  he  would  think  about 
today’s  storage  needs  on  home  net¬ 
works,  including  music,  digital  photos, 
home  videos  and  all  those  e-mails. 
Home  networks  need  centralized 
storage  to  save  us  from  16  versions  of  “Funkytown” 
spread  out  among  six  PCs.  Luckily,  network-attached 
storage  devices  are  coming  to  the  market  that  bring 
storage  away  from  individual  PCs  to  where  it  belongs: 
the  network. 

In  addition,  home  users  are  notorious  for  not  properly 
backing  up  their  files.  While  in  the  past  it  might  have 
been  easier  to  cope  with  losing  a  file  or  two,  in  these 
days  of  99-cent  music  downloads  (I’ve  spent  at  least 
$250  at  iTunes  in  the  past  year),  saving  files  becomes  a 
serious  money-saving  issue. 

So  in  this  issue  of  Network  Life,  we  present  our  Storage 
Strategy  Guide,  offering  tips  and  suggestions  on  the  best 
ways  to  provide  your  home  network  clients  (friends, 
family  and  neighbors)  the  storage  and  back-up  protec¬ 
tion  they’ll  need  to  keep  them  (and  you)  a  happy  net¬ 
work  citizen. 

Once  you’ve  trained  your  users  to  store  their  files  cen¬ 
trally,  you  can  get  them  to  enjoy  their  multimedia  con¬ 
tent  in  new  ways  by  streaming  them  all  around  the 
house  (see  page  15).  Our  “Content  Everywhere”  story 
points  out  the  many  products  on  the  market  that  aim  to 
play  music  or  stream  video  around  the  house. 

There’s  lots  more  in  this  issue,  as  well,  including  a 
warning  about  home  VoIP  systems  and  our  usual  depart¬ 
ments.  We  also  would  like  to  hear  from  readers  about 
their  Network  Life  impressions  —  have  you  been  happy 
with  what  we’ve  presented?  What  other  topics  would 
you  like  us  to  cover?  Is  this  format  the  best  way  to  pres¬ 
ent  our  advice?  Send  me  a  note  at  kshaw@nww.com  and 
tell  me  what  you  like  or  don’t  like. 


Keith  Shaw 
Editor 
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Get  ready  for  high-def  DVDs 


Toshiba  touts  45G-byte  capacity  on  new  disc. 
SMARTYN  WILLIAMS 

IDG  News  Service  (Tokyo  Bureau) 

TOKYO  — Toshiba  has  developed  a  prototype 
HD-DVD  disc  that  increases  the  format’s  storage 
capacity  by  50%  and  brings  it  closer  to  that  of 
the  rival  Blu-ray  Disc,  the  company  said  last 
month. 

The  new  disc  has  a  capacity  of  45G  bytes,  which  is 
just  less  than  the  50G  bytes  offered  by  a  dual-layer  Blu- 
ray  Disc,  and  will  give  content  producers  additional  space 
to  store  longer  high-definition  movies  or  extras  such  as  trailers, 
out-takes  or  interactive  features. 

Toshiba  accomplished  the  capacity  jump  by  adding  an  extra 
data  storage  layer  to  the  disc.  Each  HD-DVD  layer  has  a  capacity  of 
15G  bytes,  and  the  new  disc  packs  three  such  layers. 

The  company  also  announced  a  second  prototype  disc  that 
uses  the  same  basic  technology  The  hybrid  disc  combines  a  dual¬ 
layer  HD-DVD  with  a  dual-layer  DVD  to  provide  a  double-sided 
disc  that  can  be  played  in  either  HD-DVD  or  DVD  players.The  disc 
could  be  used  as  a  transitional  format  that  lets  consumers  buy 


discs  for  use  in  DVD  players  while  building  up  a 
library  of  high-definition  content  for  when  they 
purchase  an  HD-DVD  player. 

The  announcement  could  give  Toshiba  a 
boost  in  ongoing  talks  with  Blu-ray  Disc-sup- 
porters  Sony  and  Matsushita  Electric  Industrial 
(Panasonic), regarding  a  single, unified, high-def¬ 
inition  videodisc  standard. 

The  talks  began  earlier  this  year  and  are  aimed  at 
^  heading  off  what  many  expect  will  be  a  damaging  for- 
mat  battle  that  will  harm  both  consumers  and  the  con¬ 
sumer  electronics  and  entertainment  industries. 

The  HD-DVD  industry  group  said  in  January  that  it  plans  to 
have  players  and  content  available  in  U.S. stores  in  the  last  quar¬ 
ter  of  this  year. The  first  machine  to  support  prerecorded  Blu-ray 
Disc  is  expected  to  be  announced  next  week  when  Sony 
Computer  Entertainment  shows  off  a  prototype  of  its  next-gen¬ 
eration  PlayStation  3.  The  console  _ 

and  other  Blu-ray  Disc  players 
aren’t  expected  to  be  commercial¬ 
ly  available  until  2006.  ■ 


Protect  yourself 
from  charge-backs 

Mom  and  Pop  businesses  usually  can’t  tell  if 
a  credit  card  used  for  purchases  is  bogus.That 
puts  them  at  risk  for  charge-backs,  which 
banks  charge  merchants  when  charges  are 
disputed.  These  charge-backs  can  run 
between  $25  and  $45 
per  fraudulent  charge, 
not  to  mention  the  cost 
of  the  merchandise 
that  has  been  shipped. 

If  friends  or  family 
are  conducting  any 
type  of  online  com¬ 
merce,  direct  them  to 
a  $59  primer  on  credit 
card  security  from 
www.preventchargebacks.com. 
CardCops.com  screens  credit  cards  for  mer¬ 
chants  for  $10  per  month,  and  can  screen 
cards  for  consumers  for  $15  per  year.  More 
resources  are  at  www.merchant911.org. 


Epson  upgrades 
photo  printer 


Got  a  Windows 
system  crash- 

Solve  it  in  minutes  with 

our  new  primer 

www.networkworld.com 

DocFinder:  2131 


Our  favorite  digital  photo  printer  from  last 
year  just  got  a  big  brother. 

Epson  says  its  PictureMate  Deluxe  Viewer  Edition  is  a  premium  version 
of  its  PictureMate  printer,  with  new  features  such  as  a  color  LCD  and  extra 
printing  and  editing  features  to  let  users  print  photos 
without  connecting  to  a  PC.  The  new  printer  also  can 
print  photos  as  fast  as  75  seconds,  a  40%  improve¬ 
ment  over  the  original  PictureMate. 

The  2.4-inch  color  LCD  screen  has  a  tilt  adjust¬ 
ment  to  let  viewers  see  images  before  they  print 
them,  watch  a  slide  show,  crop  photos  or  pre¬ 
view  adjustments  made  for  brightness,  satu¬ 
ration  or  sharpness,  Epson  says.  The  new 
printer  features  Epson’s  new  “print  by  date” 
feature  that  lets  users  select  and  print  photos 
taken  on  specific  dates.  It  also  now  can  print  3- 
by-4-inch  mini-wallet  size  photos  in  addition 
to  its  classic  border  and  4-by-6-inch  borderless 
photos.  An  optional  internal  battery  ($70)  can  v 
be  added  to  let  users  print  photos  up  to  two 
hours  (about  60  to  80  photos)  without  being 
plugged  in  (the  battery  then  can  recharge 
via  AC  power). 

The  Deluxe  Viewer  Edition  will  cost  $250 
and  is  expected  to  be  available  later  this 
month,  Epson  says. 
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|IEW  EMC®  DANTZ®  RETROSPECT®  7  SOFTWARE  MAKES  SPEED  AND  EASE  OF  USE  A 
BACKUP  REALITY.  Now  you  can  perform  fast,  automated  backups  to  disk.  Use  the  disk 
copies  for  quick  restores.  Arid  stream  that  data  to  tape  for  offsite  storage,  just  a  few  clicks 
will  we  you  up  and  running.  Ease  of  use,  unparalleled  restore  accuracy,  and  complete 
F  otection  for  servers,  desktc  s,  and  notebooks  are  why  thousands  of  small  and  midsize 
businesses  rely  on  Retrospect. 

For  a  free  trial,  v  sit  www.emcdantz.com,  phi  le  877-738-7687,  or  contact  your  js^] 
nearest  EMC  Dantz  Retrospect  reseller.  HH 
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Security 
chief 

Don’t  ditch  the  landUne  yet 

Home  VoIP  is  cool,  but  needs  safety  and  reliability  fixes  first. 


Eight  million  households  are 
using  VoIP,  according  to  Syn¬ 
ergy  Research  Group  —  no 
doubt,  some  of  your  friends  and  family 
among  them.  And  they’re  probably 
unaware  that  VoIP  raises  safety  and  reli¬ 
ability  issues  that  have  yet  to  be 
worked  out. 

So  here’s  the  best  piece  of  advice  you 
can  give  them:  Don’t  ditch  your  land 
line  or  wireless  service  just  yet.  For 
starters,  there’s  no  guarantee  that 
when  they  need  it  most,  home  VoIP 
users  will  get  a  connection  to  a  live,  911 
operator. 

That’s  because  of  a  lack  of  standards 
between  service  providers  and  trans¬ 
port  carriers,  particularly  at  the  trunks 
to  the  call  centers,  where  a  call  could 
potentially  drop  off. 

Houston  family  dials  911 

That  happened  to  a  Houston  family 
when  Peter  John  and  his  wife  were  shot 
during  a  botched  home  robbery  and 
couldn’t  reach  91 1  on  their  VoIP  phone, 
according  to  an  April  Associated  Press 
report.  When  the  couple’s  daughter 
discovered  her  injured  parents  and 
dialed  911  on  the  VoIP  phone,  she  got 
a  recording  telling  her  to 
hang  up  and  dial  911  on 
another  phone. 

Providers  such  as 
Vonage,  which  has  no 
direct  trunks  to  911  oper¬ 
ators,  will  place  the  calls 
for  you  as  long  as  you 
remember  to  register 
your  phone’s  where¬ 
abouts  and  update  the  registration 
when  you  move.  Otherwise,  Vonage 
has  no  way  of  knowing  that  the  emer¬ 
gency  call  should  be  dispatched  to  the 
emergency  services  center  in  your 


new  location,  says  Louis  Mamakos, 
CTO  of  Vonage. 

There  are  signs  this  problem  will  be 
resolved  by  year-end.  Deeds  are  being 
cut  between  VoIP  service  providers  and 
trunk  operators. 

And  network  providers  such  as 
Level  3  Networks  are  trunking  cable 
into  public  services  answering  points 
so  VoIP  users  of  its  Enhanced  911 
service  can  reach  emergency  dis¬ 
patchers  regardless  of  the  phone’s 
location. 

Other  security  issues  around  VoIP 
require  proper  authentication,  firer 


wall  and  VPN  tunneling,  which  have 
yet  to  become  standards 

In  the  meantime,  remind  users  that 
the  Internet  is  less  reliable  than  ded¬ 
icated  circuits. 

Calls  could,  for  example,  be  slowed 
or  lost  in  the  event  of  a  widespread 
virus  or  worm  affecting  traffic,  such 
as  SoBig  and  others. 

To  be  safe,  tell  them  they  should  have 
a  back-up  telephone  system. 

Radcliff  ( www.deb.radcliff.com )  is 
a  freelance  writer  specializing  in  online 
safety  and  network  security. 


Best  practices  for  securing  VoIP 


Four  safety  tips  to  ensure  a  successful  VoIP  migration: 

1 .  Secure  the  account:  During  account  setup  and  updates,  the  provi¬ 
sioning  of  resources  to  users  should  be  conducted  over  an  encrypted 
tunnel  with  strong  authentication.  Be  wary.  Not  all  service  providers 
do  this.  And  that  leaves  the  boxes  vulnerable  to  hijacking  and  mali¬ 
cious  code  injection,  says  Louis  Mamakos,  Vonage  CTO. 

2.  Secure  the  network:  VoIP  opens  vulnerable  ports  through  net¬ 
work  address  translation  firewalls  and  forgets  to  close  them.  Look  for 
hardware  that  provides  an  all-in-one  firewall  and  voice.  Service 
providers  also  offer  firewall/VoIP  boxes,  or,  at  the  least,  the  voice 

adapters  should  be  able  to  synchronize  with 
existing  firewall/routers. 


Cisco  in  March  announced  its 
shipment  of  more  than 

making  it  the  most  successful 
pro  uct  launch  the 
comj  ny’s  histc  y. 


3.  Secure  the  call:  Pick  a  box  that  includes 
easy  VPN  setup.  While  most  VoIP  service 
providers  don’t  encrypt  calls  across  the  Internet 
yet,  they  will,  especially  because  companies 
already  demand  this,  says  Doug  Makishima, 
vice  president  of  products  for  Intoto  Software, 
platform  provider  to  residential  and  SOHO 
gateway  vendors. 


4.  Secure  the  chain:  Competing  signaling  security  standards  and 
carriers  can  cause  outages  and  delays  as  VoIP  data  traverses  the 
Internet.  Look  for  vendors  that  use  SIP  to  support  multiple  standards, 
such  as  Secure  Real  Time  Protocol  and  IPSec. 
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Get  the  Performance 


YOU  Paid  For! 


Protect  Your  Sound  &  Video  Equipment 

With  Tripp  Lite  Home/Business  Theater  Power  Protection! 


Tripp  Lite  has  adapted  its  award-winning 
isobar  technology  for  the  home/business 
theater  market!  Now  you  can  enjoy: 

Ultimate  Protection 

Superior  surge-blocking  architecture/highest 
joule  ratings  in  their  class  provide  the  best 
protection  available 

Enhanced  Audio/Video  Performance 

Exclusive  'me  noise  filtering  technology  delivers 
crystal  clear  signals 

Continuous  Viewing  During  Blackouts 

(UPS  system  only) 

Battery  backup  support  preserves  recorder/ 
receiver  settings  and  programming 


Peak  Performance! 

Sharper,  Crisper  Video 
Deeper,  Fuller  Audio 
Longer  Component  Life  Span 


HTI500UPS 


»  3  hr.  runtime 
(recording)/! 5  min. 
runtime  (viewing)* 

•  8  outlets;  6  ft.  cord 

•  I  -line  coaxial  (gold) 
surge  protection 

•  I  -line  tel/modem 
surge  protection 

•  USB  port;  software  for 
automatic  PC  receiver 
shutdown 

•  $  1 00,000  Insurance 


HTPOWERBARIQ 
Isobar®  Surge 
Suppressor 


•  1 0  outlets;  8  ft.  cord 

•  5700  joule  rating 

•  Input  voltage  LED  set 

•  Isolated  Filter  Banks; 
metal  housing 

•  3-line  coaxial  (gold) 
surge  protection 

•  I  -line  tei/modem  surge 
protection 

®  $500,000  Insurance 


HTIODBS 
Isobar®  Surge 
Suppressor 


•  1 0  outlets;  8  ft.  cord 

•  3570  joule  rating 

•  Isolated  Filter  Banks; 
metal  housing 

•  3-line  coaxial  (gold) 
surge  protection 

•  I  -line  tel/modem/ 
network  and  I  -line 
tel/modem  surge 
protection 

•  $500,000  Insurance 


*  !  0  outlets;  1 0  ft.  cord 

*  3345  joule  rating 

*  3-line  coaxial  (gold) 
surge  protection 

*  I  -line  tel/modem/ 
network  surge 
protection 

*  $250,000  Insurance 


•  7  outlets;  6  ft.  cord 

•  1 680  joule  rating 

•  2-line  coaxial  surge 
protection 

•  i  -line  tel/modem  surge 
protection 

•  $100,000  Insurance 


•  7  outlets;  6  ft.  cord 

•  1 080  joule  rating 

•  I  -line  coaxiai  surge 
protection 

•  $50,000  Insurance 


For  more  information, 
visit  www.tripplite.com/hometheater 


Typical  runtime  based  on  VCR  recording.  Actual  runtime  may  vary  based  on  battery  condition  and  load. 


WIN  an  HTIODBS 

Home/Business  Theater  Surge  Suppressor!  $189.99  value,  msrp 

Register  online  at  WWW.tripplite.com/netlifewin  for  your  chance  to  win 
this  advanced,  premium-quality  Surge  Suppressor. 

No  purchase  necessary.  Valid  through  6/30/05. 


TRIPPUTE 

POWER  PROTECTION 


I  I  I  I  W.  35th  Street,  Chicago,  IL  60609 
773.869.1234  •  www.tripplite.com 
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Maxtor  Shared 
Storage  Drive 

Netgear  Double  108 
Mbps  Wireless 
Firewall  Router 


NAS  gets  exciting  (sort  of) 

Maxtor  drag-and-drop  feature  gets  us  giddy;  but  where’s  the  backup? 


Maxtor  Shared  Storage  Drive 

Price: 

Installation  time: 

Ongoing  maintenance: 

Bottom  line: 


■  BY  JAMES  E.  GASKIN 

Maxtor  knows  hard  disk  drives,  as  its 
OneTouch  external  drives  have  great  mar¬ 
ket  presence.  The  company  recently 
moved  into  the  network-attached  storage 
market  with  its  Shared  Storage  Drive. 

We  tested  the  device  and  were  surprised 
at  some  of  the  choices  Maxtor  made  with 
the  product,  aimed  at  the  home  and  small- 
business  markets.  It’s  as  if  Maxtor  didn’t 
commit  to  providing  all  the  features  either 
market  needs  and  falls  just  short  of  both. 

Physically,  the  device  looks  like  a  One 
Touch  II  unit,  with  an  anodized  aluminum 
housing  and  a  small  fan  that  makes  little 
noise  yet  still  stays  cool.  Drive  capacities 
include  200G  or  300G  bytes  ($299  and 
$399  respectively). 

The  drive  behaved  as  a  proper  DHCP 
client  and  took  its  cue  from  our  network 
router.  It  also  can  act  as  a  DHCP  server,  but 
Maxtor  configured  it  correctly  to  look  for  a 
current  server  first  (not  always  the  case  in 
this  sector  of  the  NAS  market) .  Because  the 
IP  address  can’t  be  known  ahead  of  time, 
Maxtor  thoughtfully  puts  an  icon  in  the 
management  utility  in  a  Config  folder  on 
the  drive.  One  click  and  the  browser  con¬ 
nects  to  the  drive,  regardless  of  its  IP  ad¬ 
dress.  The  user  guide  says  only  Microsoft 
Internet  Explorer  6  is  supported,  but  Fire- 
fox  1.01  also  worked  for  us. 

Installing  client  software  on  each  PC  also 
creates  a  full  directory  structure  for  each 
user  on  the  Shared  Storage  Drive,  which  is 
private  by  default.This  encourages  users  to 
save  their  files  to  the  Maxtor  disk,  a  good 
idea  because  it  centralizes  storage  and 
makes  subsequent  backups  easier. 

The  setup  routine  was  smooth,  giving  us 
chances  to  change  the  drive  name  to  bet¬ 
ter  fit  a  current  network,  add  administrator 
passwords  and  perform  other  housekeep¬ 
ing  tasks.  Maxtor  adds  a  configuration 
page  listing  most  details  for  easy  printing. 


Our  first  surprise 
was  noticing  that 
the  Shared  Storage 
boxes  have  no 
back-up  software. 

Home  users  need 
backup  help,  and 
most  NAS  units  in¬ 
clude  back-up  soft¬ 
ware  to  run  on 
each  client  and 
store  back-up  files  on  the  NAS  hard  disk. 
True,  you  can  download  plenty  of  third- 
party  back-up  applications  or  even  trust 
Microsoft’s  back-up  utility  but  Maxtor’s 
lack  of  any  back-up  software  puzzled  us, 
especially  since  the  company  does  a 
good  job  with  its  external  PC  disk  units. 
Maxtor  says  it  plans  to  add  free  back-up 
software  this  summer. 

However,  the  excellent  new  drag-and-sort 
feature  on  the  box  almost  makes  up  for  the 
backup  oversight.  Client  software  installed 
on  each  PC  offers  the  option  to  turn  on 
this  feature,  in  which  dropped  files  are 
automatically  sorted  into  folders  named 
My  Documents,  My  Music,  My  Photos,  My 


Backup  (you  can  drop  files  there  directly 
for  backup  if  you  wish).  Drop  a  file  with  a 
.doc  extension  onto  the  Maxtor  desktop 
icon,  and  the  file  drops  into  the  My 
Documents  folder  (about  100  file  exten¬ 
sions  dictate  the  landing  folder  of  dropped 
files).  The  shared  folder  has  the  same 
structure  but  uses  the  names  Our  Music 
and  Our  Documents.  Unfortunately  drop¬ 
ping  files  onto  the  shared  folder  doesn’t 
invoke  the  drag-and-sort  feature. 

Like  a  business  device,  the  box  includes 
two  USB  ports  that  support  printers.  But 
like  a  home  device,  no  printer  manage¬ 
ment  controls  are  included.  Like  a  busi¬ 
ness  device,  one  or  both  of  the  USB  ports 
can  also  support  external  storage  devices. 
We  plugged  in  an  Olixir  Technologies  3DX 
180G-byte  Mobile  Data  Vault  and  got  good 
news.  The  user  guide  says  only  FAT32 
drives  are  supported,  but  the  NTFS-for- 
matted  Olixir  box  appeared  as  an  extra 
volume  on  the  Maxtor. We  re-formatted  the 
drive  as  FAT32,  and  it  showed  up  again, 
as  it  should. 

We  hope  Maxtor  figures  out  the  inconsis¬ 
tencies  and  Version  2.0  improves  upon  the 
excellent  start  here.  With  some  fixes,  the 
next  version  could  be  as  popular  in  the 
NAS  market  as  the  OneTouch  is  in  the 
external  disk  drive  arena. 

Gaskin  can  be  reached  at  readers @ 
gaskin.com. 
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Some  speed  bumps  in 
die  wireless  ‘fast  lane9 

Netgear  offers  802. 1  la/g  speeds,  weak  interoperability: 


■  BY  PETER  HEBENSTREIT 

If  gaming  and  multimedia  applications 
have  home  users  balking  at  bandwidth 
congestion  on  their  802.1  lg  networks,  the 
fast  lane  glow  of  802.1  la  beckons. 

Netgear’s  WGU624  (Double  108Mbps 
Wireless  Firewall  Router)  is  a  dual-band 

802.1  la/g  wireless  router  that’s  a  major 
step  up  from  single-frequency  gear.  By  tak¬ 
ing  advantage  of  the  802.11a  network,  you 
can  opt  to  connect  devices  over  the  less- 
congested  frequency.  The  “double  108” 
pitch  involves  using  two  separate  devices 
and  networks  to  connect  to  the  same  ac¬ 
cess  point.  But  don’t  think  you’ll  get  216M 
bit/sec  of  speed — you’ll  only  get  “108”  per¬ 
formance  on  two  distinct  networks. 

The  108M  bit/sec  speed  router  uses  pro¬ 
prietary  technology  to  improve  perform- 
ance.The  data  rate  appears  to  be  the  result 
of  data  compression,  packet  bursting  and 
large  frame  support,  rather  than  an  actual 
speed  increase.  By  utilizing  larger  packet 
sizes,  more  data  is  stuffed  into  each  packet; 
compressing  these  larger  packets  provides 
a  higher  throughput  rate  on  the  network. 

We  were  frustrated  with  several  configu¬ 
ration  settings,  and  interoperability  with 
non-Netgear  devices  was  so  poor  we  can’t 
recommend  this  for  non-Netgear  house¬ 
holds.  In  order  to  utilize  security  settings, 
all  connecting  devices  must  be  Netgear 
devices,  and  are  controlled  through  the 
Netgear  Smart  Wizard. 

802.11a  is  admirable 

Netgear  recommends  reserving  the 

802.1  la  network  for  high-bandwidth  appli¬ 
cations  such  as  gaming  and  multimedia. 
The“HOV  lane”is  used  when  the  otherwise 
crowded  2.4-GHz  range  limits  bandwidth 
resources.The  concept  is  admirable,  but 
without  the  ability  to  pool  the  bandwidth 
from  both  frequencies, you  must  configure 
specific  devices  for  each  network  individ¬ 
ually  and  use  them  independently  If  you 
have  only  a  few  devices  on  the  network, 
we  recommend  configuring  everything  on 
802.11a.  But  if  you  have  a  more  complex 


environment,  reserve  802.11a  for  those 
higher-bandwidth  applications. 

By  isolating  the  devices  that  require  more 
bandwidth  on  a  separate  network,  you 
allow  them  maximum  throughput. 
Additional  devices  on  the  same  fre¬ 
quency  also  can  add  noise  or  signal 
interruption,  which  will  affect  wire¬ 
less  performance  in  speed  and  range 
of  the  wireless  signal. 

Wireless  telephones  operating 
at  2.4  GHz  and  microwave 
ovens  affect  the  802.1  Ib/g 
wireless  frequency,  giving 
802.11a  an  initial  edge  in  pro¬ 
viding  a  clearer  signal  over 

802. 1  Ib/g  networks. 

A  limitation  of  the  108M  bit/sec  speed  on 
the  802.1  lb/g  network  is  that  it  must  use 
Channel  6,  the  default  (and  thus  most 
crowded)  channel  for  most  2.4-GHz  gear. 
However,  you  can  choose  which  channel 
you  use  on  the  802.11a  network,  further 
ensuring  less  data  congestion. 

Specific  speed  support  (such  as  the 
108M  bit/sec  rate)  must  be  configured  on 
client  devices  and  the  router.  If  the  router 
or  client  doesn’t  force  the  connection 
you’re  attempting,  it  will  fail  or  connect  at 
a  lower  speed.  For  example,  108M  bit/sec 
support  must  be  configured  on  all  net¬ 
work  devices  to  achieve  that  rate.  Al¬ 
though  Netgear  includes  the  ability  to 
auto-detect  compatibility  for  the  108M 
bit/sec  speed,  in  our  testing  it  didn’t  work 
as  documented. 

In  addition,  only  Netgear  adapters 
worked  with  any  of  the  security  settings 
enabled.  When  we  added  non-Netgear 
ones,  we  couldn’t  obtain  an  IP  address  on 
what  appeared  to  be  an  excellent  con¬ 
nection  to  the  access  point  (even  with  a 
static  IP  address). 

We  were  impressed  with  Netgear’s  Ex¬ 
tended  Range  technology,  which  extended 
the  range  of  both  the  802.1  la  and  b/g  con¬ 
nections  by  roughly  40  feet  in  our  tests. 

The  technology  aims  to  maintain  wire¬ 
less  connections  even  with  a  weak  signal, 


Double  108  Mbps  Wireless 


Price:  $157  retail  or  $105  through 
Amazon.com 

Installation  time:  1  to  5  hours 
depending  on  requirements  of 
security  and  speed 

Ongoing  maintenance:  Low 


Bottom  line:  Good  speed  boost  if 
you’re  a  Netgear  home  user. 


netoeac 


0 


1  2  3 


which  reduces  the 
number  of  dropped  connections  when 
working  at  the  outermost  edges  of  the 
network. 

Our  standard  bandwidth  monitors 
couldn’t  pick  up  the  108M  bit/sec  data- 
stream,  but  with  a  few  advanced  system 
tools  and  some  mdimentary  monitoring, 
we  could  see  a  speed  improvement  with 
the  108M  bit/sec  network  compared  with 
the  54M  bit/sec  settings.  On  average,  we 
saw  data  rates  of  9M  to  18M  bit/sec,  with 
bursts  up  to  31 M  bit/sec  on  the 

802.1  Ib/g/a  networks  when  using  the 
WG111U  (USB)  or  WG511U  (PC  Card) 
adapters.  When  connected  at  108M 
bit/sec,  we  saw  an  average  transfer  rate 
between  12M  and  24M  bit/sec,  with  bursts 
up  to  32M  bit/sec.  Most  of  the  packet 
frames  utilized  the  54M  bit/sec  packet  size, 
but  the  actual  data  rate  was  lower. 

The  basic  features  of  the  WGU624  are 
very  strong.  Site  blocking  is  exceptional, 
blocking  by  time  of  day  specific  domains, 
keywords,  IP  restrictions  and  exceptions, 
plus  e-mail  notification  when  rules  are  bro¬ 
ken.  The  router  also  lets  you  map  ports  to 
IP  addresses  to  better  track  network  usage. 
The  documentation  and  Web-based  con¬ 
figuration  tools  were  also  outstanding. 

Hebenstreit  can  be  reached  at 
peter _hebenstreit@nww.  com. 
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It’s  not  just  about  data  any  more. 
Home  storage  strategies  need  to  take 
into  account  everything  from  photos 
to  music  and  movies.  id 


I  BY  JAMES  E.  GASKIN  2 

Home  network  users  are  making  the  same 

storage  mistakes  business  network  users  did 
in  the  mid-1980s.  The  IBM  XT,  with  its  whopping 
lOM-byte  hard  disk,  let  users  keep  their  own  files,  defus¬ 
ing  the  push  to  use  file  servers  to  centralize  storage. 
Decisions  about  storage  locations,  file  organization  and 
back-up  tools  —  critical  for  the  office  20  years  ago  —  now 
must  be  made  in  every  home  with  two  or  more  PCs. 

Most  homes  have  a  junk  drawer  (or  closet)  used  to  hide  items.  If  your 
friends  and  family  use  their  PCs  as  a  junk  drawer,  you  will  get  called  for 
help  far  more  often  than  you  want.  A  messy  home  data  storage  system  will 
cause  endless  frustration  and  money. 

When  the  question,  “How  do  I  add  more  storage?”  comes  your  way, 
remember  (but  don’t  admit)  your  early  mistakes  and  push  them  toward  cen¬ 
tralized  storage. 

Granted,  your  next-door  neighbor  won’t  come  and  say  “please  help  me 
backup  more  often”  even  though  he  should.  But  if  you  recommend  the  right 
storage  plan,  backups  should  be  easier  and  performed  more  often. 


5torage  upgrade  options 

Replacing  a  hard  disk  with  a  larger 
one  (or  adding  a  second  drive)  was 
once  the  only  affordable  choice  for 
home  users.  External  hard  drives 
connected  via  USB  now  are  becom¬ 
ing  more  popular,  as  the  USB  2.0 
standard  has  increased  throughput 
considerably. 

External  USB  hard  drives  automat- 


USB  EXTERNAL  HARD 
DRIVES  ARE  GOOD  FOR: 

■  Adding  extra  disk  storage  without 
opening  the  computer  case. 

■  Individual  PC  backup  (most  users) 

■  The  new  sneakernet 
(transfer  between  PCs). 


lO  June  6,  2  0  0  S 


Network  Life 


www.metworklifem 


ag.com 


A  ically  appear  as  usable  storage  in  Windows  2000  and  XP  systems.  The 
A  drives  can  be  moved  between  computers,  which  gives  a  21st  century 

|iM  twist  on  the  sneakernet  of  old,  where  people  carried  floppies  from 

computer  to  computer  (and  overwrote  files  hither  and  yon). 

|||n  The  drives  can  provide  back-up  services,  and  many  units  come  with 
iPr*  fairly  sophisticated  back-up  software.  The  Iomega  REV  drive,  an  up- 
date  of  its  old  Zip  drives,  hold  35G  bytes  rather  than  100M  bytes  and 
comes  with  real-time  back-up  software  keyed  to  file  changes.  While 
fMwmm  counting  on  users  to  reliably  use  these  back-up  options  for  one  PC 
might  turn  out  well,  normal  users  won’t  move  the  devices 
between  systems  enough  to  get  good  backups.  Pricing  for  exter- 
nal  USB  hard  drives  has  dropped  to  less  than  a  $1  per  gigabyte, 
and  they  are  best  used  as  a  way  to  expand  current  systems. 

The  USB  thumb  drive  has  become  the  new  floppy.  Some  devices,  such  as  the 
Cruzer  line  from  SanDisk,  now  include  automatic  folder  synchronization  soft¬ 
ware  (PocketCache)  aimed  at  being  used  for  backup.  Unfortunately,  this  only 

works  for  one  PC  because,  like  the  REV  drive, 
I  users  probably  won’t  remember  to  use  the 
software  on  multiple  machines.  Depending 
1  on  capacity,  pricing  ranges  from  $10  to  $200 
for  a  20G-byte  portable  drive. 

Although  you  understand  the  nature  of 
H  users  and  don’t  expect  much,  remind  your 
§§  family  and  friends  that  USB  drives  are  not  a 

J  legitimate  option  for  extra  storage  or  regular 
backup,  except  for  one  computer.  Even 
though  the  new  Kanguru  Zipper  Pro  USB  drive  ($199)  holds  20G  bytes  in  the 
space  of  six  stacked  credit  cards,  these  devices  aren’t  suitable  for  shared  net¬ 
work  storage  because  they  generally  get  attached  to  one  PC. 


Getting  !MA5-t.y 

With  more  PCs  attaching  to  the  home 
network,  network-attached  storage  (MAS) 
devices  look  like  a  better  way  to  pull  stor- 
age  out  of  the  computer  case.  NAS  vendors 

are  finally  helping  home  users  organize  liUt|||3S!3y33S^®ES2iJ|| 
their  storage  and  setting  the  stage  for  a  1 
huge  leap  in  home  data  management. 

Parks  Associates  estimates  about  200,000  home  NAS  units  were  sold  in  the 
U.S.  last  year,  about  1%  of  the  total  home  network  market.  The  cost  of 
home-appropriate  NAS  units  has  been  hovering  at  around  $2  per 
gigabyte,  but  three  things  will  drive  down  that  price: 

•  Broadcom’s  “NAS  on  a  chip”  that  includes  the  network 
| operating  system  for  these  types  of  devices. 


PORTABLE  USB  DRIVES  (CAPACITIES 
RANGE  FROM  64M  BYTES  TO  20 G 
BYTES)  ARE  GOOD  FOR: 

■  Backing  up  several  PCs  (reliable  users  only). 

■  Moving  files  between  office  and  home. 

■  Moving  files  between  home  and  school. 


PORTABLE  USB  DRIVES 
ARE  BAD  FOR: 

■  Multiple  system  backups 
(people  regularly  won’t  do  it), 

■  File  sharing  among  home 
computers. 


•  Buffalo’s  TeraStation  device,  which  packs  a  ter¬ 
abyte  of  storage,  brings  the  price  down  to  about  $1 
per  gigabyte. 

•  Mainstream  acceptance  of  storage  issues. 

You  might  think  it  silly  to  push  home  users  toward  NAS,  but 

these  are  not  the  same  kind  of  NAS  boxes  you  see  in  the  data 
center.  The  home  NAS  systems  are  basically  USB  external 
hard  drives  with  a  minimal  network  operating  system.  Each 
system  we’ve  tested  runs  some  type  of  embedded  Linux  that 
stays  well  hidden  under  a  browser-based  administration  util¬ 
ity.  This  provides  rudimentary  file  locking  that  works  fine 


with  standard  commercial  applications  and  pro¬ 
vides  file  access  (in  most  cases)  for  Macs  and 
Linux/Unix  systems  through  the  Network  File 
System. 

So  far,  a  lack  of  interest  in  the  market  hasn’t  slowed  NAS 
innovation.  Buffalo’s  TeraStation  ($800,  $1,000  or  $2,000, 
depending  on  capacity)  might  be  the  ultimate  home  net¬ 
work  bling.  Tritton  offers  a  NAS  box  with  built-in  wireless 
access  and  another  model  that  packs  a  NAS  into  a 
router/firewall  and  wiring  hub.  SimpleTech’s  SimpleShare 
VHS-cassette  sized,  sleek,  aluminum  case  looks  at  home 


BACKUP  1 0 1 


Corporate  data  backup  is  auto¬ 
matic  and  reliable  and  the  data  is 
stored  off-site  for  disaster  recovery 
and  redundancy.  Home  data  back¬ 
up  is  infrequent,  untested  and  one 
hard  disk  failure  away  from  useless. 
Yet  family  photos  and  personal 
e-mail  mean  more  to  people  than 
any  corporate  sales  report.  Family 
and  friends  often  don't  know  how  to 
protect  that  data. 

With  downloaded  music  costing 
about  99  cents  per  song,  hundreds 
of  hours  of  music  can  add  up  to 
about  $1,500  —  more  expensive 
than  the  computer  holding  the  files. 
A  180G-byte  hard  drive  can  store 
more  than  $40,000  of  digital  music. 
That's  a  serious  dollar  loss,  and  it 
should  get  your  family  and  friends 
to  think  about  backup,  especially 
because  that  music  is  worthless  if 
the  licensing  file  gets  lost. 

What:  to  backup 

Home  users  don't  need  snapshot 
disk  images  so  they  can  recreate  a 
system  within  an  hour.  Help  them 
collect  their  operating  system  and 
application  CDs  and  keep  them  in 
one  place,  so  in  case  they  must  for¬ 
mat  or  replace  a  hard  disk,  they  can 
reinstall  everything  easily,  if  not 
immediately. 

Most  people  want  to  back  up  the 
following: 

•  Financial  records 

•  E-mail  from  family  and  friends 

•  Music 

•  Genealogical  data 

•  Photos 


Financial  records  are  easy 
because  they  don't  take  tons  of 
room.  After  a  decade  of  using 
Quicken,  my  backup  folder  is  less 
than  60M  bytes.  That  will  fit  on  a 
USB  thumb  drive  or  CD,  and  will 
even  fit  on  any  Iomega  Zip  disk  for 
mat  (they  start  at 
100M  bytes). 

E-mail  causes 
more  problems. 

Microsoft's 
Outlook  and 
Outlook  Express 
are  the  most  pop¬ 
ular  products, 
and  they  encour¬ 
age  people  to 
keep  everything 
inside  those 
applications. 

Unfortunately,  the 
Outlook  PST  file 

grows  fat,  fragmented  and  fragile 
over  time.  Worse,  copying  the  open 
PST  file  is  difficult  for  many  back-up 
applications,  so  users  often  must 
close  Outlook  for  a  good  backup 
(close  all  applications,  reboot  the 
computer,  then  back  up  t©  get  those 
open  files). 

Users  who  rip  music  from  their 

own  CDs  already  have  a  backup . 

the  CD  itself.  Users  who  rip  music 
from  their  old  albums  might  want  to 
protect  those  files  because  of  the 
extra  hassle  getting  the  music  from 
vinyl. 

Users  who  download  music  must 
pay  particular  attention  to  their 
licensing  files.  Back  these  up  in 


THREE  WAYS  TC 
BACK  UP  FOR  FREE 


i .  E-mail  critical  files  to  a 
friend  or  family  member. 

Use  the  huge  disk  space 
available  from  e-mail 
providers  such  as  Google  Mail 
(1G  byte)  and  SBC/ Yahoo  DSL 
(2G  bytes  e-mail  storage)  and 
e-mail  your  files  to  yourself. 

3 .  Use  extra  storage  on  a  fam¬ 
ily  or  business  Web  site  to 
store  back-up  files. 


multiple  places,  including  to  USB 
thumb  drives  and  even  floppies  if 
the  file  is  small  enough.  Losing  the 
licensing  file,  which  is  tied  to  one 
computer  only,  makes  the  down¬ 
loaded  music  worthless. 

Grandparents  tend  to  get  comput¬ 
ers  for  e-mail  and 
genealogy.  Most 
historical  data 
comes  on  CDs  in 


the  genealogy 
application,  but 
more  sites  now 
offer  download¬ 
able  census  data 
and  the  like. 
These  files  can  be 
fairly  massive,  but 
burning  each  to 
its  own  CD  is  a 
great  idea. 

For  photos, 

the  following  four  steps: 

1.  Use  an  online  photo  album 
keeping  a  copy  of  all  important 
photos  there. 

2,  Get  film  processed  and  deliv¬ 
ered  on  CDs  so  users  will  have  a 
digital  copy  as  well  as  the 

3,  Copy  all  photos  dire* 
the  camera  to  a  CD  b 
than  a  hard  -disk.  This  gives  a  1 
up  immediately,  and 
and  date  the  CDs  like  they  labeled 
photo  envelopes. 

4.  Send  family  phot©  sets  on  CDs 
or  DVDs  to  parents  and  siblings. 
Sharing  the  photos  m  mox ©  fait, 
and  safer,  th an 
hard  disk. 
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among  expensive  audiophile  equip¬ 
ment  (and  is  silent).  Linksys  has  two 
different  units  with  removable  hard 
disk  trays  for  easy  capacity 
upgrades  (one  tray  is  empty  to  start 
on  the  base  units). 

Hitachi  plans  to  release  its  own  half¬ 
terabyte  home  NAS  unit  this  year 
(because  Hitachi  makes  a  consider¬ 
able  number  of  high-performance 
disks,  this  could  be  a  screamer  aimed 
at  audio/videophiles). 

All  NAS  units  for  homes  and  small  businesses  include  some 
level  of  client  back-up  software  (albeit  often  poor).  Luckily, 
readily  available  back-up  software  can  be  used  with  any  of 
the  NAS  units  on  the  market. 

All  home  NAS  units  rely  on  Microsoft  client  network  proto¬ 
cols  and  security,  leav¬ 
ing  much  to  be  desired 
for  a  small  business  user 
but  a  workable  system 
for  home  users.  Some 
experience  in  network 
design  will  make  life  eas¬ 
ier  for  home  NAS  users. 


Getting  home  users  to  buy  a  NAS  can 
be  tough.  They’ll  say  they  can  share  an 
attached  USB  hard  drive  with  other  net¬ 
work  users. 

Technically  true,  but  this  relies  com¬ 
pletely  on  Microsoft  network  protocols 
and  user-access  permissions,  which 
varies  considerably  depending  on  the 
reliability  of  the  operating  system 
version  on  the  host  computer  (as 
well  as  the  sophistication  of  the 
users).  It  also  eliminates  block¬ 
ing  the  host  user  from  any  of  the 
files  stored,  and  Windows  pass¬ 
through  file  performance  isn’t 
great. 

If  you  can’t  convince  them  to 
go  for  a  NAS,  dedicating  an  older 
computer  to  become  the  storage 
server  will  provide  many  of  the  same  features.  You’re  still 
stuck  with  strictly  Windows  networking  and  security,  but  in  a 
home  setting  this  can  be  handled,  especially  if  no  one  uses 
the  computer  as  a  PC.  Configure  it  and  then  take  away  the 
keyboard  and  monitor.  You’ll  have  some  control  over  which 
users  access  which  folders  when  you  enable  user-level  secu- 


HOME  NAS  IS  GOOD  FOR: 


Sharing  files  (digital  photos  and 
music  files,  particularly). 

Non-client-attached  backup  (over 
the  home  network). 

Offering  a  shared  print  server 
(some  models). 

Organizing  files. 


WHY  NAS  IS  BAD: 

■  Pricier  than  a  comparable 
USB  external  hard  disk  unit. 

■  Experience  is  needed  to 
adjust  the  poor  default 
security  settings. 


There  are  stages  to  computer  crash 
grief:  first  is  disbelief,  then  curses, 
then  pleadings  to  a  higher  power 
(this  is  when  they  call  you),  then  ham¬ 
mers.  With  your  help,  your  friend  or 
family  member  can  say  goodbye  to 
the  old  hard  disk  (through  reformat¬ 
ting  or  replacement)  and  embrace 
the  new.  But  they  have  lost  their  inno¬ 
cence.  Use  that  to  your  advantage. 

During  reconstruction,  change  their 
behavior.  They  now  will  accept 
change  because  they  have  no  choice 
and  have  to  start  from  scratch.  Set  up 
the  second  data  disk  partition  on 
their  hard  disk.  Gather  all  the  appli¬ 
cation  disks  and  store  them  together 
for  the  next  time  (there  will  be  a  next 
time,  I  promise).  Gather  all  the  inade¬ 
quate  backups  (on  their  various  CDs) 
and  break  the  news  gently  about  how 
lousy  the  backup  has  been. 

Drive  partitioning 

When  the  operating  system  and 
data  live  on  different  disks  or  parti¬ 


tions,  reformatting  and  reinstalling 
the  operating  system  and  applica¬ 
tions  is  less  time-consuming 
because  you  know  your  data  is 
safe.  Drives  will  fail,  and  operating 
systems  will  collapse,  so  prepare 
for  an  easier  recovery  next  time. 

Each  drive  partition  looks  like  a 
separate  physical  drive  to  the 
operating  system,  and  one  large 
disk  can  support  multiple  virtual 
drives.  Good  luck  explaining  that 
to  your  neighbor  who  goes  by 
“Crazy  Bill.” 

I  learned  the  hard  way  that  creat¬ 
ing  separate  application  and  data 
partitions  can  save  hours  of  frustra¬ 
tion  when  the  operating  system 
must  be  reinstalled.  Windows  XP 
(both  Home  and  Pro  versions) 
make  it  easier  to  move  the  My 
Documents  folder  from  Drive  C  to 
a  different  drive  letter  (Start  >  right 
click  My  Documents  >  Properties  > 
Move).  When  the  data  sits  on  a  dif¬ 
ferent  partition  from  the  operating 


system,  reformatting  and  rein¬ 
stalling  the  operating  system  does¬ 
n't  touch  the  data.  You  must  still 
reinstall  the  applications,  but  the 
data  remains  safe  (as  long  as  you 
back  it  up). 

The  ratio  of  apps  to  data  partition 
size  depends  on  the  user.  Standard 
Microsoft  Office  documents  take 
relatively  little  room,  and  I  appor¬ 
tion  the  storage  space  two-thirds 
Apps,  one-third  data.  Users  into 
digital  photography,  music  creation 
or  copying,  and  any  video  applica¬ 
tions  should  reverse  that  ratio  at  a 
minimum.  Because  an  hour  or  two 
of  digital  video  can  take  tens  of 
gigabytes  of  disk  space,  you  might 
need  a  1  to  10  apps  to  data  ratio  for 
video  fans. 

Adding  a  second  partition  to  the 
hard  disk  adds  another  drive  letter. 
You  can  leave  the  data  partition  as 
E,  or  use  Windows  XP  System  Tools 
Drive  Management  to  change  the 
assigned  drive  letters. 
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RECOVERING  DATA:  HOW  MUCH  IS  THAT  PHOTO  WORTH? 


Photos  drive  disk  recovery  serv¬ 
ices  because  people  will  leave 
their  only  photos  of  a  special 
event  on  a  wheezing  hard  drive 
with  no  backup.  It's  a  common 
mistake:  When  the  photo  goes  to 
the  computer  and  the  camera 
memory  cards  get  erased  for  the 
next  batch  of  photos,  we  forget 
about  backing  up  the  new  photos 
from  the  computer. 

Or  the  camera  will  crash  and 
keep  the  photos  locked  up  in  its 
flash  drive. 

Recovering  a  crashed  hard  disk 
takes  money,  starting  with  a  non- 
refundable  $200  diagnostic  fee 
(from  DataDoctors.com,  headquar¬ 


tered  in  Tempe,  Ariz.,  with  more 
than  100  storefronts  around  the 
country).  Software  fixes  to  the 
operating  system  (usually  spyware 
cleanup)  can  be  done  for  the  cost 
of  labor,  but  if  the  drive  has 
mechanical  problems,  the  meter 
starts  at  or  near  $1 ,000.  Services 
can  cost  many  times  that  depend¬ 
ing  on  the  complexity  and  speed 
requested. 

Of  course,  damage  to  the  hard 
drive  means  you  can't  get  all  the 
data,  but  Data  Doctors  works  to  get 
all  they  can.  Ken  Colburn,  presi¬ 
dent  of  Data  Doctors,  says  that 
30%  of  his  business  is  home  users, 
double  that  of  just  a  few  years  ago 


when  backup  was  something  peo¬ 
ple  only  did  in  their  cars.  Colburn 
says  10%  to  15%  of  their  data- 
recovery  customers  are  repeat 
customers. 

Inform  friends  and  family  that  a 
drive  being  sent  out  for  recovery 
has  the  chance  of  being  read  by 
someone  at  the  service  location. 
Unfortunately,  the  only  way  to  verify 
a  file  has  been  recovered  is  to  read 
that  file,  but  that  makes  some  peo¬ 
ple  nervous. 

But  if  your  information  is  worth 
more  than  $1,000,  you  might  not 
care  if  a  service  technician  takes  a 
look  at  your  first  grandchild  enter¬ 
ing  the  world. 


rity.  The  important  distinction  is  to  move  storage  from  a  PC 
to  a  shared  device,  either  a  NAS  unit  or  a  “server,”  to  make 
backup  easier. 

Organizing  files 

The  My  Documents  folder  has  become  the  junk  drawer  for 
millions  of  PCs  and  billions  of  files.  Sharing  the  My 
Documents  folder  between  different  users  on  one  computer 
turns  sibling  rivalry  into  high-tech  warfare.  Sharing  a  single 
folder  with  different  users  across  a  network  always  leads  to 
overwritten  and  accidentally  deleted  files,  and  a  total  lack  of 
backup-and-restore  compliance. 


AVOIDING  THE  NEXT 


To  protect  the  drive  electronics  (and  the  rest  of 
your  computer)  always  use  a  battery  back-up  UPS  to 
handle  voltage  spikes  and  sags,  A  surge  protector  is 
better  than  nothing,  but  well-protected  drives  cause 
less  grief. 

Organized  hard  disks  require  less  head  movement 
and  extends  the  drive  life  (less  wear  on  moving 
parts  means  longer  life).  They  also  make  for  easier 
data  recovery  if  necessary.  Microsoft  Windows  pro¬ 
vides  decent  utilities  for  disk  defragmentation  and 
disk  cleanup.  Run  these  every  quarter  and  after 
adding  or  deleting  a  large  number  of  files. 

Of  course,  always  back  up  the  system  before  run¬ 
ning  a  new  hard  drive  or  file  management  utility. 


Most  NAS  devices  come  with  a  Public 
or  Diskl  volume  open  to  all  network 
users.  Leave  tha,t  for  your  family  or  friends  to  play  with 
and  create  three  other  volumes:  Music,  Photos  and 
Backups. 

Volumes  for  most  home  NAS  devices  don’t  have  set  sizes, 
so  all  the  volumes  will  share  the  total  disk  space.  Separating 
the  volumes  in  this  manner  will  ease  backups, as  well  as  force 
some  organization  on  the  file  system. 

Families  that  want  private  folders  should  create  private 
volumes  and  assign  security  to  those  volumes.  “Money”  as 
a  volume  is  much  easier  to  keep  private  than  trying  to  set 
folder-level  access.  Such  settings  work  well  with  a  real  net¬ 
work  operating  system  and  directory  service,  but  home 
NAS  units  fall  short.  So  take  the  safe  way  and  create  private 
volumes. 

Properly  segmented,  individual  volumes  offer  more  backup 
flexibility  when  you  want  to  copy  the  collected  files  in  each 
volume.  Use  the  Backup  volume  to  store  each  individual 
user’s  files. 

Convince  your  family  and  friends  to  consider  storage  as  a 
shared,  not  personal,  computing  resource.  Today’s  home  net¬ 
work  shares  printers,  access  to  the  Internet,  and  video-  and 
audiostreams  —  it  also  can  share  the  movies,  songs  and  pho¬ 
tos  that  your  home  users  create. 

Adding  more  storage  to  the  network  is  like  adding  a  shed  or 
building  a  garage  —  but  if  you  don’t  help  organize  the  junk, 
you’ll  still  be  sweating  when  they  ask  for  help  in  finding 
something. 

Gaskin  writes  about  technology  and  has  been  helping  small 
and  midsized  businesses  use  technology  intelligently  since 
1986.  He  can  be  reached  at  readers@gaskin.com. 
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CrQIlitdlt  Ways  to  stream  media 


everywhere 


all  around  the  house. 


■  BY  ROB  GARRETSON 

Sure,  data  backup  is 
important.  But  every¬ 
body  knows  the  killer 
app  for  network  storage  is 
home  entertainment. 

Microsoft’s  Windows  XP  Media  Center 
Edition  2005  finally  supports  multiple  TV 
tuners,  high-definition  video  and  DVD 
burning.  At  least  30  vendors  offer  digital 
media  receivers  or  Media  Center  Exten¬ 
ders  that  stream  digital  content  between 
PCs  and  TVs  and  stereos.  DirecTV  plans  to 
unveil  its  Home  Media  Center  this  year, 
and  Comcast  recently  partnered  with  TiVo 
to  offer  its  software  and  service  on  Com¬ 
cast  digital  video  recorders  (DVR). 

But  before  you  start  advising  friends  and 
colleagues  to  turn  in  their  old  cable  boxes 
or  sell  their  satellite  receivers  on  eBay  take 
a  hard  look  at  the  cost,  complexity  and  sta¬ 
bility  of  today’s  home  media  options. 

The  Media  Center  PC  is  a  compelling 
concept  and  in  practice  would  make  ex¬ 
cellent  use  of  network  storage.Too  bad  it’s 
not  ready  for  prime  time.  Aside  from  the 
high  cost  —  between  $800  and  $2,000  for 
a  new  Media  Center  PC,  plus  $200  to  $500 
for  each  extender  necessary  to  connect  a 
TV  or  stereo  system  —  the  technology  is 
still  immature.  Your  users  won’t  tolerate 
glitches  such  as  lag  time  in  channel  chang¬ 
ing  or  an  HBO  movie  blocked  from  stream¬ 
ing  by  copy  protection. 

If  your  users  simply  want  to  stream  MP3 
or  WMA  music  to  multiple  rooms  in  the 
house,  there  are  several  digital  media 
adapters  ($150  to  more  than  $500)  that  are 
easy  to  set  up  and  work  well  even  on 
older,  relatively  slow  802. 1 1  b  networks.The 
$249  Roku  SoundBridge  Ml 000,  Slim 
Devices’ Squeezebox  ($249  for  wired,  $299 
for  wireless),  Creative’s  $200  Sound  Blaster 
Wireless  Music  adapter  and  the  $149 
Netgear  MP101  are  good  choices.  At  the 
high  end,  the  Sonos  Digital  Music  System 
($1,200  for  a  two-room  setup)  is  a  dream 
come  true. 


Your  Apple  iPod  fans  need  to  know  the 
only  way  to  stream  music  purchased  from 
Apple’s  popular  iTunes  service  is  to  buy 
Apple’s  own  digital  media  adapter.  The 
$150  AirPort  Express  includes  a  wireless 
router  (but  no  firewall),  a  USB  print  server 
and  both  802.1  Ig  and  wired  Ethernet  con¬ 
nections.  Many  media  receivers  will  play 
AAC  music  files  streamed  from  iTunes,  but 
the  protected  AAC  files  bought  and  down¬ 
loaded  from  iTunes  will  only  play  on  the 
AirPort. 

If  you  want  to  hear  FM  radio  or  if  you 
have  rooms  not  already  equipped  with 


stereo  speakers,  the 
$250  HomePod  MP 
100  from  MacSense  has  built-in  speakers, 
an  FM  radio  tuner  and  Internet  radio  fea¬ 
tures.  If  radio  isn’t  important,  an  inexpen¬ 
sive  wireless  boombox,  such  as  the  $130 
Linksys  WMLS11B,  can  add  streaming 


music  to  any  room. 


Options  for  photo  files 

To  stream  photo  files  stored  on  a  PC, 
consider  the  Linksys  Wireless-B  ($130)  and 
Wireless-G  ($230)  Media  Adapters,  the 
Philips  Streamium  SL300i  ($299),  the 
Pinnacle  ShowCenter  ($300),  Gateway’s 
Wireless  Connected  ADC-320  ($200)  or 
Prismiq’s  MediaPlayer  ($200).  These  all 
stream  JPEG  files  and  also  may  support 
GIF  BMP  TIFF  and  other  common  photo 
formats.  All  except  the  Linksys  Wireless-B 
model  can  also  stream  MPEG  video  files 
stored  on  a  PC  or  NAS  box,  but  bandwidth 
limitations  will  affect  performance. 

One  of  the  best  ways  to  stream  music 
and  share  photos  is  with  a  stand-alone 
TiVo  DVR  (not  the  combination  DirecTV 
satellite  receiver  with  TiVo).  The  TiVo 
Series2  box  (as  low  as  $99)  connects  to 
the  network  via  USB  (through  a  wired  or 
wireless  USB  adapter)  and  lets  you  stream 
MP3  files  and  photos  from  a  PC  running 
the  TiVo  Desktop  software  (a  free  down¬ 
load).  Multiple  TiVo  systems  can  stream 
recorded  movies  and  TV  shows  among 
them,  although  the  limitations  of  its  USB 
1 . 1  driver  makes  transferring  programs  for 
viewing  later  more  practical  than  stream¬ 
ing  shows  in  real  time. 

All  these  applications  perform  well  on 
wired  Ethernet  and  802.1  lg  wireless  net¬ 
works.  Only  streaming  video  struggles 
with  the  lower-speed  802.1  lb  net¬ 
works,  although  with  optimum 
signal  strength  some  streaming 
video  works  fine.  Unfortunately, 
high-definition  TV  is  the  one 
datastream  today’s  home  net¬ 
works  can’t  handle. 

Only  a  handful  of  DVRs  can 
record  and  store  broadcast  HD 
signals,  and  none  let  you  stream  or  copy 
those  huge  files. 


Garretson  is  a  freelance  writer  in 
Gaithersburg,  Md.  He  can  be  reached  at 
rgarretson@siarpower.net. 
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Everything  old  is 

new  again:  Repurpose  your  PCs 


BY  JAMES  E.  GASKIN 

artner  says  133,000  computers  per 
day  are  retired  or  replaced.  But 
instead  of  pitching  them  into  the 
dump  where  they  leak  mercury  and  lead,  try 
the  following  ideas: 

Back-up  server 

Every  modern  networked  family  needs  help  with  backups.  An 
older  PC  that  can’t  run  new  games  can  still  become  a  central 
back-up  server.  If  you  don’t  have  a  legal  Microsoft  Windows 
license,  you  can  load  just  about  any  flavor  of  Linux  and  support 
Windows  networking.  Keep  users  off  this  system  and  dedicate  it  as 
shared  storage  only,  and  you’ll  have  no  virus  or  spyware 
issues.Configure  the  system  without  a  password  so  it  boots  auto¬ 
matically  and  take  away  the  keyboard  and  monitor.  Aim  all  the 
other  computers’  back-up  target  directories  to  the  hard  disk  on 
this  system.  It’s  not  the  best  back-up  option  because  there's  no  off¬ 
site  storage,  but  it’s  better  than  nothing. 

Music  server 

Put  your  old  PC  near  your  entertainment  center  and  plug  the 
speaker-out  connector  to  one  of  the  auxiliary  inputs  on  your 
receiver  (you'll  need  a  stereo  1/8-inch  mini-plug  to  RCA  connec¬ 
tor  patch  cable  from  Radio  Shack). 

If  you  have  a  legal  Microsoft  Windows  license,  you  can  play 
a  huge  variety  of  Internet  radio  channels.  If  you  don't,  Linux 
versions  (free  or  very  inexpensive)  now  include  comparable 
media  players. 

You  might  want  to  eliminate  the  monitor  and  keyboard  for 
space  and  aesthetics.  If  you  don't  have  a  remote-control  utility 
check  out  RealVNC  for  a  free  utility  that  works  on  Windows  and 
Linux  systems  so  you  can  control  the  music  from  any  other  com¬ 
puter  in  the  house. 

E-mail  station 

Make  an  old  system  a  dedicated  browsing  or  e-mail  station  for 
family  members  to  use  when  the  primary  system  is  busy  Even  a 
Pentium  I  system  can  do  instant  messaging,  which  might  reduce 
the  conflict  level  in  homes  with  several  children. 

Strip  for  parts 

When  removing  computers  from  service,  go-to  guys  might  want 
to  pull  these  components  out  of  systems  destined  for  recycling  to 
help  make  future  repairs: 

•  Hard  disk.You  might  need  to  replace  one,  or  add  more  storage. 
But  if  you  do  discard,  get  a  file  eraser  utility  and  use  it  before  send¬ 
ing  the  disk  away 


NOAH  Z.  JONES 


•  Sound  board.  Enhanced  sound  boards,  particularly  those  that 
cost  $100  or  more,  provide  better  sound  and  more  features  than 
sound  chips  on  motherboards. 

•  Network  adapters.  Some  people  love  to  make  their  own  fire¬ 
walls,  and  you'll  need  two  network  adapters  to  make  that  work. 

•  Graphics  cards.  High-end  video  cards,  especially  gaming  ones, 
provide  more  performance  and  features  than  video  chips  on 
motherboards. 

Recycle  responsibly 

Leaving  a  PC  at  the  curb  isn't  a  good  solution.  Check  out  the 
National  Cristina  Foundation  to  give  computers  to  the  disabled. 
Check  out  Earth91 1  for  a  large  collection  of  recycling  locations 
and  information.  Look  at  dire  statistics  and  helpful  information 
from  the  Silicon  Valley  Toxics  Coalition  . 

Many  cities  provide  safe  recycling  drop-off  locations  for  elec¬ 
tronic  equipment.  If  your  city  doesn't  already  ask  them  to  start. 

Brand-name  manufacturers  are  being  pushed  to  recycle 
(more  in  Europe  than  in  the  U.S.).  On  Earth  Day  (April  23), 
companies  such  as  HP  and  Dell  announced  recycling  initia¬ 
tives  to  collect  old  equipment.  You  might  even  get  a  few- 
dollars  discount  on  your  next  machine  if  you  trade  in  your 
old  one. 

Some  fundraising  groups  (PTA,  Boy  and  Girl  Scouts)  are  start¬ 
ing  to  gather  old  ink  and  laser  jet  cartridges  from  printers  for 
money.  The  office  supply  giant  Staples  great  information  on  its 
Web  site:  (www.staples.com/products/spotlights/marketing/ 
rfe/default.asp).B 
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Hie  meaning  off  liffe  (er,  storage) 

Readers  wrestle  with  the  floppy  question,  SATA  vs.  PATA  and  a  computer  Catch-22. 


Sure,  you’re  network  IT  professionals.  But  the  problems  you 
solve  at  work  are  nothing  like  those  you  face  at  home.  Here, 
products  must  be  inexpensive,  easy  to  manage  and  quick  to 
implement.  That’s  why  Go-to  Guys  and  Gals  need  a  Go-to  Guy  of 
their  own.  That’s  me.  I’ve  fought  computers  for  20  years,  and  have 
published  15  books  and  hundreds  of  stories.  Got  a  computer  or  net¬ 
work  problem  that’s  keeping  you  up  at  night?  Send  it  to  me.  Here  are 
solutions  to  three  tough  questions  that  recently  landed  in  my  in-box: 


Traci  from  Boston:  My  com¬ 
pany  just  sent  me  a  new  notebook  com¬ 
puter  that  lacks  a  CD-ROM  drive,  along 
with  a  big  box  of  software  applications. 
How  the  heck  do  I  install  them? 

Coach:  Assuming  your  notebook 
has  a  network  connection,  you  can 
share  a  CD-ROM  from  another  com¬ 
puter.  Use  Windows  sharing  tools  by 
right-clicking  the  CD-ROM  drive  in  the 
‘My  Computer’  window  then  choosing 
Sharing  and  Security.  Most  applica¬ 
tions  will  install  this  way.  However, 
this  won’t  help  you  boot  the  notebook 
in  case  you  need  to  recover  from  a 
hard  disk  problem.  For  that  feature 
and  future  peace  of  mind,  get  an  exter¬ 
nal  USB-connected  CD-ROM  drive. 
Plain  CD-ROM  readers  cost  about  $50, 
or  splurge  for  an  external  CD-DVD 
read/write,  do-everything  drive  for 
about  $200. 

Frank  from  Philadelphia: 

Why  do  computers  still  come  with 
floppy  disk  drives? 

Coach:  It’s  like  your  appendix  — 
useful  once,  but  no  longer  —  floppy 
drives  seem  to  be  an  anachronism. 
However,  if  you  build  your  own  com¬ 
puter,  the  only  way  to  load  special 
drivers  during  Windows  installation 
is  via  floppy.  Stupid  but  true.  Maybe 
Microsoft  will  fix  this  oversight  in 


Longhorn,  meaning  we’ll  only  have 
to  keep  floppies  for  another  two  or 
three  years.  (Of  course,  you  can  al¬ 
ways  load  Linux  instead;  it  doesn’t 
need  a  floppy.) 

Jerry  from  Denver:  When  1 
took  my  kids  to  buy  a  new  computer, 
the  hard  drive  choice  was  between 
Parallel  Advanced  Technology  Attach¬ 
ment  or  Serial  Advanced  Technology 
Attachment  (my  son  wanted  PATA, 
and  my  daughter  demanded  SATA). 
What  happened  to  Integrated  Drive 
Electronics  ODE)  and  SCSI? 


Coach:  More  market  stupidity. 
Standard  IDE  hard  drives,  the  ones 
used  in  desktop  PCs  forever,  have  been 
renamed  PATA  drives,  supposedly  to 
help  differentiate  them  from  the 
newer  SATA  drives. 

In  choosing  a  drive,  take  your  daugh¬ 
ter’s  advice.  SATA  drives  are  much 
faster  (they  start  at  150M  byt e/sec 
throughput,  higher  than  IDE’s  top 
speed  of  133M  byte/sec),  and  use  a 
lower  voltage.  Because  the  drives  use 
only  seven  conductors  rather  than  40, 
manufacturers  can  replace  the  wide, 
flat,  ribbon  cable  with  a  much  thinner 
one.  The  connector  takes  much  less 
space  on  the  motherboard,  and  the 
connecting  cable  can  be  more  than 
twice  as  long  as  the  IDE/PATA  cable. 
Plus,  they  all  have  a  minimum  of  8M- 
byte  cache  for  better  performance 
and  cost  only  a  few  dollars  more. 

Also,  new  motherboards  have  at 
least  two  SATA  plugs  and  most  sup¬ 
port  RAID-1  disk  mirroring  with  mini¬ 
mal  configuration  hassle.  Two  drives 
and  two  connectors  and  BIOS  settings 
give  you  disk  fault-tolerance.  That 
said,  SCSI  drives  retain  a  performance 
advantage  over  SATA  drives,  at  least 
for  now,  and  remain  the  drive  of 
choice  in  servers  and  disk  subsystems. 

Alex  from  Dallas:  Are  there 
any  user-serviceable  parts  inside  a 
hard  drive? 

Coach:  Only  if  you  plan  to  turn  it 
into  a  paperweight  when  you’re  fin¬ 
ished.  Otherwise,  hard  drives  are  like 
race  cars:  If  you  open  the  hood, 
you’ve  lost. 

Got  a  computer  or  network  problem ? 
Send  stumpers  to  connectioncoac.h@ 
nww.com. 
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New  Internet  video  player  works  well,  but  where’s  the  compelling  content? 


With  its  on-demand  Internet 
video  player,  Akimbo  is 
testing  the  axiom,  “If  you 
build  it,  they  will  come.”  Akimbo  has 
stepped  up  with  a  good  device  and 
service  model.  But  for  it  to  fly,  content 
providers  need  to  offer  something  bet¬ 
ter  than  classic  movies,  music  videos, 
documentaries  and  independent  films. 
Setting  up  the  Akimbo  Player  (via 
Ethernet  or  USB-enabled  802.11b 
adapter)  and  online  service  is  easy. 
Convincing  someone  they’ll  want  to 
watch  Turkish  TV,  less  so. 

Akimbo  delivers  digital  video  over  the 
Internet  and  into  the  Akimbo  Player,  a 
set-top  box  that  connects  to  a  TV.  Like 
a  personal  video  recorder,  the  Akimbo 
Player  has  a  hard  drive  that  can  store  at 
least  150  hours  of  content.  The  Akimbo 
service  lets  users  download  content  on 
demand  over  a  broadband  connection. 
This  is  not  streaming  video:  The  con¬ 
tent  is  stored  on  the  Player’s  hard  drive 
before  you  can  watch  it. 

The  video  content  comes  in  about  50 
categories,  such  as  animation,  foreign 
language  channels,  classic  movies  and 
how-to  videos.  Popular  channels 
include  Turner  Classic  Movies,  A&E, 
Cartoon  Network,  CNN,  BBC  (content 
separate  from  BBC  America),  the  His¬ 
tory  Channel,  National  Geographic  and 
IFilm  (short  film  channel).  Adult  con¬ 
tent  is  also  available,  but  the  service 
includes  good  parental  controls  to  pre¬ 
vent  children  from  accessing  or  down¬ 
loading  it. 

We  set  up  the  Akimbo  Player  quickly 
and  easily.  There  are  three  cables  — 


The  Akimbo  Player  lets  users  store  up  to  150 
hours  of  content  from  places  such  as  IFilm. 

Network 


power,  Ethernet  and  composite  RCA  — 
that  connect  to  your  TV’s  video  input 
source.  Next,  we  went  to  the  Akimbo 
Web  site  to  activate  the  service  (pay  for 
the  subscription,  pick  a  username).  To 
download  content  to  the  device,  use 
the  Akimbo  interface  on  the  TV  via  the 
remote  control. 

Aside  from  free  content,  Akimbo 
offers  premium  programming,  offered 
either  as  a  rental  (one-time  charge)  or 
as  part  of  a  channel  membership  (ac¬ 
cess  to  all  premium  content  for  a 
monthly  fee).  The  service  also  offers 
subscriptions,  a  collection  of  related 
programs  (usually  free)  automatically 
delivered  to  the  box.  Premium  content 
ranges  from  50  cents  per  program  to 
$9.99  for  30  days  of  adult  content.  Most 
programs  cost  $2  to  $3. 

Some  content  (such  as  classic 
movies)  has  an  expiration  date  —  after 
30  days  (or  other  fixed  period)  the  con¬ 
tent  is  erased.  The  system  also  will 
erase  programs  once  the  hard  drive  fills 
up,  although  users  can  choose  to  save 
programs  that  don’t  expire  to  prevent 
the  system  from  deleting  them. 
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The  Akimbo  experience  is  a  cross  be¬ 
tween  streaming  Internet  video  on  a  PC 
and  on-demand  content  from  a  cable 
TV  provider.  Because  the  Player  is  con¬ 
nected  to  a  TV,  the  video  quality  is  bet¬ 
ter  than  on  streaming  video  for  a  PC. 
Yet  the  content  is  not  as  varied  as  cable 
TV  on-demand  offerings.  Akimbo  says  it 
doesn’t  compete  with  on-demand  cable 
programming,  but  it  inevitably  gets 
compared  with  it.  The  company  contin¬ 
ues  to  make  content  partnership 
announcements,  so  there  is  potential 
for  new  programming. 

With  a  $230  player  and  service  fees 
of  $10  per  month  (a  lifetime  subscrip¬ 
tion  costs  $170),  the  providers  need  to 
show  up  soon  with  some  engaging 
content.  Just  like  a  new  video  game 
console,  success  won’t  come 
from  the  device  itself 
but  from  the  content 
that’s  available.  ■ 


Off  the 
clock  mm 

Akimbo  takes  on-lemand 
content  to  new  levels 
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Find  out  how  you  can  invest  in  one  of  Entrepreneur 
Magazine's  “Fastest-Growing  Franchises”  #48  (2005) 
“Franchise  500®”  rank  #258  (2005),  and  “Top  New 

Franchises”  #15  (2005).  Single,  Multi-Units  and  Area 
Development  Opportunities  are  now  available. 
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Enjoy  digital 
media  from  the 
comfort  of  your 
favorite  room! 

The  new  Linksys  Media  Center 
Extender  connects  a  Media  Center  PC 
with  a  TV  and  stereo  system  anywhere 
in  your  home.  Enjoy  digitally  recorded 
TV  shows  without  commercials!  Watch 
downloaded  premium  movies,  listen  to 
your  MP3s,  or  view  digital  photos  from 
the  comfort  of  your  living  room.  Even 
chat  on-line  with  your  friends  while 
watching  TV! 
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Dual-Band  Wireless  A/G 


Microsoft® 
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Media  Center  Extender 


Register  for  the  Network  Life  Line 
Newsletter  and  be  entered  to  win! 


One  of  5  4GB  iPod  Minis 


Go  to  www.networklifemag.com/sweepstakes 
to  sign  up  today. 


NetworkLife" 

THE  EXPERT’S  GUIDE  TO  THE  CONNECTED  HOME  . — 


Network  Life  Line  —  an  alert-based  e-mail 
newsletter  that  will  keep  you  informed  about 
exciting  new  content  on  the  Network  Life  Web 
site  (www.networklifemag.com)  —  the  expert’s 
guide  to  the  connected  home. 


Register  today  at 

www.networklifemag.com/sweepstakes 


Complete  sweepstakes  rules  are  available  at 
www.nww.com/nwliferules.pdf.  Offer  expires  September  1,  2005. 


tradflbiarks  or  trademarks  of  DuPont  or  its  affiliates 


YOUR  COMPANY’S  FIREWALL 


g$pgfi£ 


Introducing  DuPont™  certified  limited  combustible  cable.  In  the  event  of  a  fire,  securing  your 
business’  uptime  is  crucial.  The  data  communications  cable  you  choose  could  play  a  key  role  in  protecting 
your  network  technology  investment.  DuPont™  certified  cable  produces  20  times  less  smoke  than  other 
plenum  rated  cables.  And  less  smoke  means  less  costly  downtime,  making  it  the  most  advanced  fire 
safety  cable  technology  available  today.  To  learn  more  about  DuPont ™  certified  limited  combustible  cable 
or  to  request  a  free  CD,  log  on  to  teflon.com/cablingmaterials  or  call  1-800-207-0756. 


The  miracles  of  science ~ 


Study:  Networks  to  get  their  fill  of  iSCSI 


■  BY  DENI  CONNOR 

IP-based  storage-area  networks  haven’t 
taken  off  yet,  but  once  they  do,  Ethernet 
networks  will  start  feeling  the  effects. 

A  new  1DC  study  finds  that  even  limited 
use  of  the  iSCSI  protocol  to  route  block- 
level  data  across  IP  networks  could  result 
in  as  much  as  a  sixfold  increase  in  traffic. 

“ISCSI  and  the  storage  traffic  it  gener¬ 
ates  is  going  to  be  substantial,”  says 
Robert  Gray,  research  president  for  IDC, 
which  estimates  products  with  iSCSI 
interconnects  will  grow  from  1.3%  of  all 
disk  storage  system  revenue  this  year  to 


■  HP  is  putting  the  finishing  touches 
on  an  updated  release  of  its  HP-UX 
operating  system  that  will  add  virtual 
partitioning  capabilities  to  the  compa¬ 
ny's  Itanium-based  Integrity  servers. 
The  update  will  make  the  virtualiza¬ 
tion  technology  available  to  users  of 
the  HP  9000  server  line  who  want  to 
install  the  latest  version  of  HP-UX.  HP 
says  the  update  is  due  in  early  July  as 
a  patch  to  Version  11  i  v2.  The  Virtual 
Partitions  feature,  also  known  as 
vPars,  lets  users  install  more  than  one 
copy  of  HP-UX  on  a  computer.  The 
upcoming  release  marks  the  first  time 
vPars  has  been  offered  for  the  Integ¬ 
rity  systems,  which  use  Intel's  Itanium 
2  processors.  For  years,  HP  has  in¬ 
cluded  the  technology  in  its  9000 
machines,  which  are  based  on  HP’s 
PA-RISC  chips. 

■  Advanced  Micro  Devices  last 

week  launched  its  duai-core  Athlon  64 
processor,  a  week  after  Intel  intro¬ 
duced  a  chip  of  its  own  that  contains 
two  processors  on  a  single  piece  of 
silicon.  Dual-core  chips  are  said  to 
offer  users  higher  performance  be¬ 
cause  tasks  can  be  balanced  be¬ 
tween  the  two  cores.  Microsoft's  Win¬ 
dows  XP  is  set  to  take  advantage  of 
the  technology,  as  are  many  applica¬ 
tions,  according  to  AMD.  Acer,  HP 
and  the  Lenovo  Group  showed  proto¬ 
types  using  the  new  chips. 


more  than  11%  in  2008. 

Gray  says  many  organizations  will  be  will¬ 
ing  to  live  with  the  significant  traffic 
increase  as  a  trade-off  for  being  able  to  use 
a  familiar  network  architecture  for  their 
storage  traffic.  Systems  exploiting  iSCSI 
might  appeal  to  organizations  that  find 
Fibre  Channel  to  be  overkill,  too  expensive 
or  hard  to  learn,  the  study  says. 

He  says  IT  can  take  actions,  such  as  seg¬ 
menting  networks,  to  keep  iSCSI  traffic 
from  overwhelming  other  traffic. 

“End  users  already  plan  to  have  an  iso¬ 
lated  storage  network,”  Gray  says.  “They 
have  two  reasons  for  doing  that:  security 
concerns  and  they  don’t  want  to  impact 
the  performance  of  their  applications.” 

The  characteristics  of  storage  traffic 
make  it  an  excellent  candidate  for  network 
segmentation,  Gray  says.  Whereas  other 
network  traffic  may  have  to  cross  numer¬ 
ous  hops  to  reach  its  destination,  storage 
traffic  is  a  “two-hop  experience  —  it  goes 


■  BY  JENNIFER  MEARS 

IBM  this  month  is  expected  to  begin  ship¬ 
ping  a  Xeon-based  server  that  can  scale  up 
to  32  processors  for  running  high-end  data¬ 
bases  and  enterprise  applications  or  to 
serve  as  a  platform  for  server  consolidation. 

The  eServer  x460  is  built  using  IBM’s  X3 
Architecture,  the  so-called  Hurricane 
chipset  that  is  the  result  of  a  three-year, 
$100  million  development  effort  to  bring 
mainframe-type  reliability  and  virtualiza¬ 
tion  capabilities  to  standards-based  Xeon 
systems. 

The  x460  follows  the  introduction  earlier 
this  year  of  the  four-processor  eServer  x366, 
IBM’s  first  system  based  on  the  X3  architec¬ 
ture.  Like  the  x366,  the  x460  is  a  3U  four- 
socket  system,  but  the  latter  is  designed  to 
be  more  scalable  and  reliable  to  support 
heavier-duty  workloads  than  the  x366,  IBM 
executives  say 

The  x460,  which  starts  at  around  $18,000 
for  a  two-processor  configuration,  is  priced 
similarly  to  its  previous  generation,  the 
eServer  x445,but  provides  up  to  a  60%  per¬ 
formance  improvement  in  an  eight-way 
configuration, says  Jay  Bretzmann,  director 
of  IBM’s  eServer  xSeries  high-performance 
product  division. 

The  x445  includes  eight  processors  in  a 


from  the  server  to  the  switch  and  then  to 
the  storage  device.” 

Building  a  network  that  supports  jumbo 
frames  also  can  ease  the  transition  to  iSCSI, 
says  Ronald  Godine,  manager  of  in¬ 
formation  systems  operations  for  Royal 
Appliance.The  Glenwillow,  Ohio,  company 
has  installed  LeftHand  Networks’  iSCSI- 
based  Network  Storage  Modules  to  store 
data  from  Microsoft  Exchange,  a  non-trans¬ 
actional  Oracle  database,  plus  Windows 
and  Unix  file  and  print  services. 

“When  you  can  transmit  a  9,000-byte 
packet  vs.  a  1,500-byte  packet,  that  can 
make  a  big  difference  in  efficiency” 
Godine  says  in  comparing  jumbo  frames 
with  typical  Ethernet  traffic.  “We  are  mak¬ 
ing  sure  that  jumbo  frames  are  supported 
in  our  entire  network  backbone.” 

Royal  Appliance  has  moved  switches 
that  don’t  support  jumbo  frames  to  the 
edge  of  its  network. 

Godine  also  recommends  using  Ethernet 


4U  chassis.The  x460  offers  four  sockets  in  a 
3U  chassis  to  accommodate  the  higher 
heat  output  of  the  latest  32-/64-bit  Xeon 
chips.  In  addition,  the  design  will  enable 
users  to  upgrade  to  dual-core  chips  more 
easily  he  says. 

St.  Paul  Travelers  Insurance  runs  VMware 
virtual  machines  on  a  handful  of  x445s  but 
held  off  on  buying  more  of  those  systems 
when  it  heard  about  the  x460. 

“We’re  looking  at  consolidating  some  of 
our  SQL  environments  and  we  were  a  bit 
concerned  about  whether  we  could  do 
that  confidently  on  the  445  architecture,” 
says  Matthew  Barlow,  infrastructure  devel¬ 
opment  manager  at  the  London  firm. 
“Looking  at  [the  x460,]  we  can  certainly” 
consolidate  on  it. 

Barlow  has  been  running  the  x460  in 


link  aggregation,  which  binds  iSCSI  con¬ 
nections  and  supports  failover. 

Ken  Walters, senior  director  of  enterprise 
platforms  for  the  Public  Broadcasting 
Service  in  Alexandria, Va.,  chose  Stonefly’s 
iSCSI  Storage  Concentrator  to  connect 
servers  to  storage  arrays.  He  runs  iSCSI  on 
a  separate  network  segment. 

“My  experience  is  that  I  use  less  of  the 
capacity  of  the  iSCSI  network  than  I  ex¬ 
pected, ”he  says.“Most  servers  are  not  heavy 
lifters  —  they  aren’t  doing  a  lot  of  heavy 
I/O  at  the  same  time.” 

The  servers,  which  run  Exchange  and  his 
network’s  Web  logs,  have  not  yet  experi¬ 
enced  any  performance  problems,  he  says. 

Walters,  who  will  be  moving  his  SQL 
Server  environment  to  iSCSI  next  year, 
says  no  one  should  consider  using  the 
technology  on  anything  slower  than 
Gigabit  Ethernet,  which  he  says  compares 
favorably  to  Fibre  Channel  in  terms  of 
error  rates.  ■ 


test  environments  and  says  he  is  im¬ 
pressed  by  its  performance.  He  likes  the 
modular  design  of  the  x460,  which  can  be 
linked  externally  to  grow  as  large  as  a  -32- 
processor  system. 

“We  like  the  fact  we  can  apply  the  power 
where  we  need  it  in  the  future,"  he  says. 

With  the  x460,  IBM  is  targeting  HP  and 
Dell,  both  of  which  have  exited  the  eight¬ 
way  and  above  Xeon  server  market.  In¬ 
stead,  the  server  makers  are  focusing  on 
providing  two-  and  four-way  Xeon  systems 
that  end  users  can  cluster  for  more  com¬ 
puting  power. 

The  x460  is  expected  to  be  available  June 
17  with  3.3-,  3-  and  2  83-GHz  Xeon  chips. 
The  higher-speed  chips  have  8M  bytes  of  L3 
cache,  and  the  lower-end  chip  has  4M 
bytes  of  L3  cache.  K 


IBM  scales  up  Xeon  server 


IBM's  x460  is  a  3U  server  that  starts  at  $72,000  for  a  typical  eight-processor  configuration. 
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Turn  Control  Freaks  Into  Remote  Control  Freaks 


€>  2005  Avocent  Corporation.  Avocent,  the  Avocent  logo,  DSView  and  The  Power  of  8eing  There  are  registered  trademarks  of  Avocent  Corporation. 


*  Recliner  recommended,  but  not  included. 


Kick  back.  Relax.  Make  yourself  comfy.  It's  all  part  of  a  day's  work  when  you’re  in  total  control  with  our  DSView®  3  management 
software*  Now  you  can  remotely  control  servers,  serial  devices  and  power  devices  from  a  single  browser  interface.  Reboot 
servers  down  the  hall  or  around  the  world.  With  virtual  media,  you  can  even  remotely 
load  software  without  setting  foot  in  the  data  center.  Those  hours  spent  at  the  rack 
are  over.  Visit  us  at  www.avocent.com/stayincontrol.  And  start  looking  for  a  new  chair. 


Avocent. 

The  Power  of  Being  There® 
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Lessons  from  Leading  Users 


Site: 

Fireman’s  Fund  lights  up  apps 


■  BY  JOHN  FONTANA 

Insurance  provider  Fireman’s 
Fund  Insurance  hopes  to  set  its 
industry  ablaze  with  a  project 
that  will  turn  its  mainframe  applica¬ 
tions  into  a  set  of  network  services 
that  provide  real-time  transactions 
over  the  Web  to  its  thousands  of 
independent  agents. 

It’s  a  heady  goal  in  an  industry 
where  integration  historically  has 
been  hamstrung  by  proprietary  sys¬ 
tems  that  cannot  talk  to  one  anoth¬ 
er  both  on  the  insurance  agent  front 
end  and  insurance  provider  back 
end. 

What  Fireman’s  Fund  hopes  to  ulti¬ 
mately  create  is  a  service-oriented 
architecture  (SOA)  with  the  func¬ 
tions  of  its  multiple  legacy  policy 
administration  and  billing  systems 
broken  down  into  reusable  compo¬ 
nents.  Those  components,  which 
will  use  an  industry  standard  called 
ACORD-XML  as  a  standard  data  for¬ 
mat,  will  be  molded  to  the  Fireman’s 
See  Fireman’s,  page  26 


HOW  IT  WORKS 


Quote  me 


Fireman’s  Fund  Insurance  is  aiming  to  create  a 
service-oriented  architecture  that  relies  on  ACORD- 
XML  to  help  integrate  its  back-end  systems  with  the 
front-end  systems  of  its  independent  agents. 


O  Insurance  agent  makes  request  from  his  legacy  agent  management  system  for  property  insurance  priGe  quote. 
©  Data  format  is  transformed  at  Ivan’s  Transformation  Station  into  ACORD-XML. 

©  Request  is  sent  to  the  various  Web  services  running  inside  Fireman’s  Fund  that  are  needed  to  generate  a  quote. 
O  WebSphere  middleware  orchestrates  flow  of  information  and  works  with  Itemfield’s  ContentMaster  to  map  ACORD 
formats  to  mainframe  formats  needed  to  talk  to  legacy  quote-generation  application. 

©  Data  passes  back  through  the  system  and  transformation  engines,  and  returns  price  quote  to  agent’s  terminal. 


Microsoft  to  unveil  collaboration  wares 


■  Management  vendor  Quest 
Software  last  week  said  it  would 
spend  $56.5  million  in  cash  to  acquire 
privately  held  Vintela,  which  devel¬ 
ops  software  to  integrate  Microsoft 
management  tools  with  other  plat¬ 
forms.  The  acquisition  brings  together 
two  companies  focused  on  managing 
and  extending  Windows  resources, 
most  notably  Active  Directory.  Quest 
plans  to  use  Vintela’s  integration  tech¬ 
nology  to  push  itself  into  the  identity 
management  arena,  including  support 
for  cross-platform  user  provisioning, 
password  management  and  end-user 
self-service  applications.  The  compa¬ 
ny  says  its  long-term  strategy  is  to 
extend  Active  Directory  so  companies 
can  use  it  to  manage  and  secure  their 
Unix,  Linux,  Macintosh  and  Java  plat¬ 
forms.  Quest  has  been  acquiring 
companies  over  the  past  few  years  to 
build  its  management  and  Active 
Directory  business,  including  Fastlane 
Technologies  in  2000  for  its  directory 
management  tools,  and  Aelita  in  2004 
for  its  directory  and  Exchange  man¬ 
agement  software.  The  acquisition 
leaves  Centrify  as  the  lone  indepen¬ 
dent  company  developing  integration 
software  focused  on  marrying  Active 
Directory  with  other  platforms. 

■  Unisys  and  SupplyScape  have 
begun  a  test  project  to  track  pharma¬ 
ceuticals  through  the  supply  chain 
using  RFID  or  bar  codes  with  the  aim 
of  cutting  down  on  counterfeit  medi¬ 
cines.  The  “electronic  drug  pedigree" 
program  will  track  distribution  of  Oxy- 
contin,  a  narcotic  used  for  moderate 
to  severe  pain  made  by  Purdue 
Pharma,  from  the  drug-maker’s  manu¬ 
facturing  facility  to  U.S.  wholesaler 
H.D.  Smith,  the  companies  say. 
Technology  for  the  project  is  under 
development  and  is  expected  to  be 
deployed  in  July.  Five  states  have 
passed  laws  with  varying  time  frames 
for  complying  with  implementing  elec¬ 
tronic  pedigrees  on  drugs,  and  a  stay 
placed  on  a  federal  regulation  by  the 
U.S.  Food  and  Drug  Administration 
will  expire  in  the  coming  months,  so 
companies  also  have  to  comply  with 
those  mandates. 


■  BY  JOHN  FONTANA 

Microsoft  last  week  said  it  has  completed 
development  of  its  next  generation  instant 
messaging  and  real-time  collaboration 
client,  Office  Communicator  2005,  and 
plans  to  ship  the  software  before  the  end  of 
this  month. 

In  addition  to  the  instant  messaging  capa¬ 
bilities,  Communicator  provides  users  with 
voice,  video,  Web  conferencing  and  tele¬ 
phony  in  a  single  desktop  interface. 

Office  Communicator  2005  is  a  major 
overhaul  of  the  client  software  for  Micro¬ 
soft’s  real-time  platform.  Microsoft  says 
Office  Communicator  has  been  released  to 
manufacturing,  which  means  CDs  are 
being  pressed  and  it  should  be  generally 
available  soon. 

Communicator  is  part  of  the  Office 
System,  which  is  Microsoft’s  centerpiece  for 


real-time  communication  and  collabora¬ 
tion  including  Outlook,  Communicator,  Ex¬ 
change,  Office,  ShareFbint,  Live  Communi¬ 
cation  Server  and  Live  Meeting. 

Communicator  is  the  front  end  for  inte¬ 
grating  presence  information  with  a  host  of 
Windows  applications,  including  those  in 
Office  System.  When  coupled  with  a  PBX, 
the  client  can  control  calls,  such  as  call  for¬ 
warding  and  multi-call  conferencing. 

“You  can  look  at  this  as  an  1M  client,  but 
it  is  really  a  much  broader  integrated  com¬ 
munications  client,” says  Ed  Simnett,  group 
product  manager  with  the  real-time  col¬ 
laboration  group  at  Microsoft. 

Microsoft  is  working  with  Siemens,  Alcatel 
and  Mitel  to  provide  telephony  integration. 

Communicator,  which  runs  on  Windows 
XP  and  2000  SP4,  works  in  conjunction  with 
Live  Communications  Server  (LCS)  2005 
and  is  a  key  link  for  integrating  the  server 


with  public  IM  services  such  as  Yahoo,  AOL 
and  MSN.  In  April,  Microsoft  released  the 
first  service  pack  for  LCS,  including  a  fea¬ 
ture  called  Public  IM  Connectivity  (PIC). 
Communicator  provides  the  client  support 
for  PIC,  although  Microsoft  says  the  current 
Windows  Messenger  5.1  provides  limited 
PIC  support. 

In  addition,  users  rolling  out  PIC  will 
need  to  purchase  a  separate  yearly 
license,  which  is  priced  at  $10  to  $12  per 
user  or  device.  Also,  the  PIC  service  is  only 
available  to  users  with  volume-licensing 
agreements.  The  Communicator  client 
access  license  (CAL)  is  priced  at  $31.  A 
separate  CAL  is  needed  for  telephony  inte¬ 
gration  and  is  also  priced  at  $31. 

Microsoft  is  entering  a  corporate  IM  mar¬ 
ket  dominated  by  rival  IBM/Lotus  and  its 
Lotus  Instant  Messaging  and  Web  Conferen¬ 
cing  platform.  ■ 


lH  NatworkWopId 

fi/6/05 

ft 

ppiieation  Services 


NET 

INSIDER 

Scott 

Bradner 


Pundit  Clayton  Hallmark  recently 
wrote  a  rambling  rant  (and  a  good 
one  as  anti-Microsoft  rants  go)  with 
the  eye-grabbing  title  of  “BIG  NEWS  ON 
MICROSOFT:  Slavery  to  It  Is  Ending.”  Not 
surprisingly,  the  work  popped  up  all  over 
the  place,  with  a  Google  search  getting 
more  than  1,500  hits,  so  far.  I  do  not  agree 
with  all  of  his  rant,  but  there  are  some 
interesting  observations  in  it. 

It  seems  more  than  a  bit  callous  to  equate 
the  general  need  to  use  Microsoft  products 
with  slavery  considering  the  history  and 
current  extent  of  slavery  of  the  human¬ 
kind,  and  I  think  it  takes  away  from  the 
messages  in  Hallmarks  article  (www.net 


‘Death  of  Microsoft,’  compressed 


workworld.com,  DocFinder:  7430).  That 
said,  his  basic  message  that  Microsoft  does 
not  have  a  way  to  effectively  compete  in 
software  for  cheap  or  very  cheap  personal 
computers  against  open  source  offerings 
has  merit.  Hallmark  particularly  focuses  on 
the  current  very  low-cost  computers 
already  available  from  Wal-Mart  (Doc 
Finder:  7431)  and  similarly  priced  systems 
from  India.The  Wal-Mart  offerings  cost  less 
than  $200  without  a  monitor,  plus  $40  for  a 
copy  of  Linux.  Hallmark  says  he  expects 
that  there  will  be  systems  available  for  even 
less  in  the  future  —  maybe  as  low  as  $10,0, 
including  software. 

Microsoft  currently  charges  manufac¬ 
turers  between  $70  and  $83  per  system  for 
Windows  but  that  does  not  include  edi¬ 
tors,  etc.,  Hallmark  says.  Microsoft  has  a 
$30  “starter  kit”  version  of  Windows  for 
entry-level  computers  in  developing 
countries,  but  Hallmark  considers  this  a 
trap  and  provides  links  to  analysis  by  folk 


like  Gartner  that  warn  against  using  the 
kit. 

Hallmark  points  out  that  there  is  no 
room  for  a  $75  operating  system  in  the 
cost  structure  of  a  $200  computer.  Hall¬ 
mark  argues  that  the  advent  of  these  very 
cheap  computers  running  Linux  instead 
of  Windows  will  become  a  real  threat  to 
Microsoft.That  seems  to  be  a  bit  of  wishful 
thinking,  as  I  doubt  that  super-cheap  com¬ 
puters  will  eliminate  the  market  for  more 
upscale  systems.  I  also  doubt  that  enough 
corporations  will  decide  to  switch  to 
Linux  on  their  desktops  to  worry 
Microsoft. 

0  won’t  bother  mentioning  Apple  even 
though  I  think  its  offerings  are  better  than 
Windows  and  Linux,  because  I  doubt  it  will 
ever  be  a  big  enough  player  to  be  statisti¬ 
cally  significant.) 

But  I  do  agree  that  there  soon  may  be  a  lot 
more  people  using  non-Microsoft-running 
computers  than  Microsoft-running  ones. 


>■  Lessons  from  Leading  Users 

Fireman's 
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Fund’s  business  processes  and  used  to 
create  new  applications  to  trump  the 
competition. 

The  components,  which  the  company 
is  creating  without  touching  any  of  its 
legacy  code,  can  be  assembled  on  the  fly 
into  ad  hoc  applications  creating  what 
Gartner  has  termed  the  service-oriented 
business  application  (SOBA).  Gartner 
predicts  by  2008  more  than  70%  of  com¬ 
panies  will  be  doing  business-to-business 
collaboration  via  SOBAs. 

Earlier  this  year,  Fireman’s  Fund  out¬ 
sourced  to  IBM  its  entire  IT  hardware 
infrastructure,  and  signed  a  10-year,  $94 
million  contract  for  IBM  to  provide  all 
application  development  and  mainte¬ 
nance  to  jump-start  the  SOA  transforma¬ 
tion. 

“We  have  this  monolithic  environment 
with  multiple  back-end  legacy  systems 
and  putting  in  a  service-oriented  archi¬ 
tecture  should  help  us  break  those 
monolithic  applications  into  consum¬ 
able  units,”  says  Roger  Cottman,  IT  prod¬ 
uct  director  for  Fireman’s  Fund  in 
Novato,  Calif.“It’s  not  functionality  tied  to 
a  screen,  it  is  functionality  waiting  to  be 
used.” 

Standards  setting 

One  of  Cottman’s  primary  building 
blocks  is  ACORD  XML,  a  set  of  standard 
messaging  formats  for  executing  transac¬ 
tions  and  exchanging  policy  information 
in  three  areas  of  insurance,  including 
Fireman’s  Fund’s  property/casualty  busi¬ 
ness.  The  standards  were  developed  by 


the  Association  for  Cooperative  Oper¬ 
ations  Research  and  Development 
(ACORD),  which  has  spent  30  years 
developing  insurance  industry  stan¬ 
dards,  first  with  paper  forms,  then  with 
EDI,  and  now  XML. 

Fireman’s  Fund’s  motivation  is  twofold, 
Cottman  says.  First  is  to  provide  a  stan¬ 
dard  way  for  more  than  3,000  indepen¬ 
dent  agents  to  interact  with  Fireman’s 
Fund’s  network.  The  second  is  to  mod¬ 
ernize  its  IT  infrastructure  and  make  it 
more  manageable  and  flexible  without 
having  to  touch  any  legacy  code. 

In  the  end,  Cottman  hopes  to  lay  his 
hands  on  two  Holy  Grails  for  the  insur¬ 
ance  industry:  straight-through  process¬ 
ing,  where  the  data  is  touched  but  once; 
and  Single  Entry  Multiple  Company 
Interface  (SEMCI),  which  lets  data  be 
keyed  in  once  and  sent  to  multiple  recip¬ 
ients  regardless  of  platform. 

Fireman’s  Fund  already  has  tested  and 
deployed  its  first  service,  a  billing  inquiry 
system  created  from  a  legacy  billing 
application.  Independent  agents  that  do 
business  with  Fireman’s  Fund  can  access 
the  service  via  the  Fireman’s  Fund  Web 
site  or  they  can  stay  in  their  agency  man¬ 
agement  systems  and  submit  a  policy 
number  that  returns  information  on  a 
customer’s  billing  status. 

The  integration  with  the  agent’s  legacy 
management  systems  is  handled  over 
the  Web  using  an  industry  hub  called 
Ivan’s  Transformation  Station,  which  can 
received  data  in  any  format  and  sent  it 
out  as  an  ACORD-formatted  message. 

The  billing  inquiry  service  is  a  simple 
data  display  mechanism  and  only  the 
first  step  toward  more  sophisticated 


SOBAs. 

The  goal  is  to  support  more  complex 
transactions,  such  as  loss  notification  or 
quote  generation,  which  include  error  , 
checking  and  transactional  rules. 
Fireman’s  Fund  is  secretly  working  on 
two  such  services  it  would  not  identify 
Based  on  ACORD  XML,  they  will  be  made 
available  to  agents  through  the  Fireman’s 
Fund  Web  site  and  via  the  Ivan’s  integra¬ 
tion  hub.  The  company  hopes  to  roll 
those  services  out  in  the  next  three  to  six 
months. 

The  company  has  built  an  infrastruc¬ 
ture  using  tools  from  Webify  Solutions  to 
construct  front-end  interfaces  to  its  ser¬ 
vices.  In  the  middle  is  IBM’s  WebSphere, 
including  the  WebSphere  Interchange 
Server,  which  helps  map  ACORD  to  main¬ 
frame  data  structures. 

Dealing  with  COBOL 

Fireman’s  Fund  also  has  added  Item- 
Field’s  ContentMaster  to  decode  the 
complex  COBOL-formatted  records  of  its 
legacy  applications  and  work  alongside 
WICS  to  map  those  COBOL  formats  to 
ACORD-based  service  requests.  Without 
ContentMaster,  Cottman  says,  Fireman’s 
Fund  would  have  had  to  develop  and 
maintain  its  own  proprietary  adapters  to 
decode  its  COBOL,  or  worse  —  touch 
the  COBOL  code. 

“We  didn’t  want  to  create  yet  another 
layer  of  code  we  had  to  maintain,” 
Cottman  says.“The  key  is  to  have  the  ser¬ 
vices  and  then  to  have  the  orchestration 
around  those  services  to  deliver  on  our 
business  processes.  In  the  past  we  have 
had  hard-wired  applications  that  do 
Step  A,  then  Step  B  and  then  become 
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Hallmark  seems  to  be  part  of  the 
Microsoft-is-evil  camp.  That  is  a  camp  I’ve 
stayed  in  from  time  to  time  when  thinking 
about  some  of  the  company’s  business 
practices,  but  I  use  Microsoft  software  on 
my  Apple  computer.  I  use  the  Office  Suite 
and  some  other  software.  In  fact,  I’m  editing 
this  column  on  MS  Word  while  listening  to 
KHYI  on  Windows  Media  Player. 

Microsoft  is  a  very  powerful  player  in  the 
computer  biz  and  I  doubt  it  will  fade  away 
anytime  soon.  But  Microsoft  might  find  the 
going  harder  in  some  areas  —  which  I 
would  not  find  troubling. 

Disclaimer:  Harvard  is  an  old  (and 
maybe  powerful)  player  in  the  education 
biz  and  learns  from  changing  times,  but  it 
has  not  expressed  a  view  on  Microsoft’s 
future  trials. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


monolithic  applications.” 

Cottman  says  the  importance  of 
ACORD  is  to  have  a  common  language 
and  common  format  that  is  supported 
throughout  the  industry. 

“AH  the  agents  need  to  do  at  some 
point  is  speak  ACORD,”  Cottman  says. To 
help  with  that,  he  says  Ivan’s  and  a  simi¬ 
lar  service  from  Agency  Management 
Systems  called  TransactNow  will  pro¬ 
vide  the  connection  to  agents’  systems 
and  transform  the  agents’  legacy  data 
formats  into  ACORD  messages  that  can 
be  used  to  talk  to  the  Web  services  run 
by  the  Fireman’s  Fund. 

“You  see  lots  of  flavors  of  these  types 
of  systems,  lots  of  ways  to  try  and 
achieve  this,”  Cottman  says.  He  says 
many  in  the  industry  screen  scrape  a 
Web  site  in  order  to  hide  the  site  naviga¬ 
tion  needed  to  get  at  information. 

“What  we  are  endeavoring  to  do  is  true 
Web  services  transactions  that  are  inde¬ 
pendent  of  the  Web  site  navigation.  And 
we  should  be  able  to  aggregate  the  ser¬ 
vices  together  to  support  new  business 
processes.  That  is  a  SOBA,”  he  says. 

The  effort  and  the  technological  ad¬ 
vances  are  aimed  at  one  thing,  making 
Fireman’s  Fund,  which  writes  $5  billion 
in  gross  premiums  per  year,  a  more  effi¬ 
cient  provider  of  insurance  services. 

“We  intend  to  be  the  easiest  company 
in  the  industry  to  deal  with;  that  is  one 
reason  we  have  modernized  our  sys¬ 
tems,”  says  John  Kozero,  a  spokesman  for 
Fireman’s  Fund. 

“I  don’t  think  you  will  find  very  many 
companies  that  have  a  greater  accent 
on  advanced  capabilities  for  applica¬ 
tions  and  services,”  Kozero  says.  ■ 


MEANS  MORE  POWER 
MORE  AFFORDAB 


ProCurve  Networking  by  HP  offers  a  range  of  affordable 
gigabit-enabled  switches  that  is  second  to  none.  That 
means  you  can  get  better  performance  from  your  network 
along  with  better  performance  from  your  networking 
dollars.  Downloads  that  used  to  take  minutes  can  now  be 
done  in  seconds.  And  you  can  do  it  for  cents.  Not  dollars. 
That’s  high-availability  gigabit  performance  at  the  edge — 
not  just  the  core  of  your  network.  What’s  more, 
ProCurve  gigabit-enabled  switches  are  backed  by 
a  lifetime  warranty"1 — perhaps  the  best  in  the  industry. 
More  affordability.  More  choice.  More  productivity. 
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•Lifetime  warranty  applies  to  all  ProCurve  Products,  excluding  the  ProCurve  routing  switch  9300m  Series  and  Secure  Access  700wl  Series,  which  have  a  one-year  warranty  with  extensions  available.  ©2004  Hewlett-Packard  Development  Company,  L.f? 
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WELL-CONNECTED  AWARDS 


■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


■Verio,  a  division  of  NTT  Communi¬ 
cations,  now  offers  a  Web  hosting 
platform  and  managed  Web  hosting 
services  that  support  IPv6,  the  next 
generation  of  the  Internet's  main 
communications  protocol.  Verio  is 
among  the  first  top-tier  ISPs  to  offer 
a  Web-enabled  production  applica¬ 
tion  that  supports  IPv6.  Although 
IPv6  was  finalized  a  decade  ago,  the 
technology  is  just  beginning  to 
attract  the  attention  of  enterprise 
customers  in  the  U.S.The  U.S. 
Defense  Department  is  one  of  the 
first  and  largest  organizations  to 
commit  to  IPv6  migration.  Other 
early  adopters  include  Department 
of  Defense  contractors  and  high- 
tech  equipment  vendors  such  as 
Cray  and  Juniper.  Verio’s  IPv6- 
enabled  Virtual  Private  Server  and 
Managed  Private  Server  let  users 
set  up  Web  sites  with  IPv6  address¬ 
es.  Verio  already  offers  IPv6  access 
services  including  native,  tunneling 
and  dual-stack  gateway  services 
between  IPv4  and  IPv6  traffic. 

■  Good  Technology,  a  competitor 
to  mobile  e-mail  vendor  Research  In 
Motion,  last  week  unveiled  its  first 
major  deal  with  a  carrier  when  it 
announced  that  Cingular  Wire¬ 
less  will  sell  its  service  on  two 
devices.  Cingular,  the  largest  U.S. 
mobile  operator,  will  offer  the 
GoodLink  service  for  the  PalmOne 
Treo  650  and  the  Siemens  SX66 
Pocket  PC,  a  Windows  Mobile 
Pocket  PC  device  from  Siemens  AG. 
GoodLink  continuously  synchronizes 
a  user’s  Microsoft  Outlook  e-mail 
and  other  data,  allowing  enterprise 
employees  to  access  their  e-mail, 
calendars,  contacts,  notes  and  lists 
of  tasks  from  anywhere  in  Cingular’s 
coverage  area.  Competitors  have 
begun  encroaching  on  RIM’s  suc¬ 
cessful  service,  which  primarily 
runs  on  its  BlackBerrv  devices. 
GoodLink  offers  a  choice  of  devices 
and  operating  systems,  over-the-air 
provisioning  that  lowers  the  cost  of 
ownership,  and  a  better  user-inter¬ 
face  and  easier  device  upgrades, 
the  company  says. 


AT&Ts  security  head  wears  many  hats 


AT&T's  Chief  Security  Information 
Officer  Ed  Amoroso  recently  spoke 
with  Network  World  senior  editors 
Denise  Pappalardo  and  Ellen 
Messmer  about  his  job  heading  up 
security  for  one  of  the  largest  tele¬ 
com  companies  in  the  world,  as 
well  as  the  topics  of  patch  manage¬ 
ment,  intrusion-prevention  systems 
and  worm  attacks. 


What  are  your  job  responsibilities? 

In  just  about  every  Fortune  1000  company  there  is  some¬ 
body  somewhere  worried  about  infrastructure  security,  hack¬ 
ers,  or  about  laptops  that  aren’t  patched  properly  That’s  a  job 
function  that  typically  falls  to  the  chief  security  information 
officer  [CSIO] .  I  have  a  fairly  sizable  team  that  works  on  all  of 
the  above.There  are  four  divisions,  each  with  about  100  peo¬ 
ple  and  a  different  set  of  responsibilities. 

What  are  some  key  issues  your  team  addresses? 

Because  our  business  is  networking,  the  infrastructure  we 
protect  is  pretty  large.  We  have  a  lot  of  IP  networking,  circuit 
switching,  Layer  2  frame  relay  managed  services  and  out¬ 
sourcing  that  all  comprise  the  infrastructure  that  we  need 
to  protect.  When  a  router  vendor  puts  out  a  patch  some 
users  might  say ‘Well,  we  don’t  have  to  worry  about  that 
one.’ We  rarely  have  that  experience.  Every  problem,  every 
issue,  every  patch,  they  all  have  to  be  attended  to. 

Are  you  also  responsible  for  development  of  AT&T's  security  ser¬ 
vice  offerings? 

That’s  the  second  piece,  cybersecurity  and  it’s  embedded 
in  our  world. The  concept  of  providing  security  services 
and  integrating  them  and  bundling  them  with  our  telecom, 
managed  and  professional  services  we  offer  is  pretty  obvi¬ 
ous.  It’s  a  very  nice  sort  of  integration  because  in  some 
sense  I  wear  the  cap  of  not  just  providing  the  service,  but 
I’m  also  of  a  pretty  typical  buyer.  I  can  tell  in  3  seconds 
whether  something  that  we’re  considering  or  proposing  is 
worth  bothering  with  because  I  know  darn  well  if  it’s  going 
to  help  reduce  the  burden  on  my  budget  or  if  it’s  going  to 
help  me  sleep  better  at  night.  Sometimes  I  watch  service 
announcements  come  out  and  I  say ‘Gosh,  what  must  they 
be  thinking?’ 

Can  you  give  us  an  example? 

They  are  not  always  product  announcements.  One  idea 
that  we  saw  was  the  idea  that  when  a  spam  comes  out,  you 
spam  the  spammer. That’s  a  notion  that  has  come  out  of  uni¬ 
versities  for  a  long  time. 

Our  feeling  is  we  have  to  stop  spam.  We  need  to  clean  up 
the  network. That’s  something  we  would  look  at  and  say,‘Wait 
a  minute,  what  if  my  systems  are  hacked  and  I’m  spamming, 
are  you  saying  you’re  going  to  chuck  spam  back  at  me?’ 
That’s  an  example  of  something  any  CSIO  would  look  at  in  1 
second  and  say ‘Ugh, I  hate  that.’ 


Which  patch  management  system  do  you  use? 

We  use  many  We  can  certainly  reduce  our  expenses  by 
having  one  tool  in  our  infrastructure.  But  we  tend  to  like  to 
have  a  couple  or  a  few  in  the  security  business  because  we 
have  customers  using  many  When  I’m  engaging  with  a  cus¬ 
tomer  I  prefer  having  experience  with  whatever  tool  they 
are  using  than  to  say  I  didn’t  pick  that  one. 

Do  you  see  any  alternatives  to  traditional  patch  management? 

First  off,  as  a  software  engineer  with  a  PhD  in  computer 
science,  as  a  software  engineering  professor,  I  have  been  in 
and  around  software  my  whole  life.  For  the  record,  software 
should  be  correct.  Let’s  not  lose  sight  of  the  fact  that  patch¬ 
ing  means  we’re  fixing  somebody’s  bugs.  So  we  should  pref¬ 
ace  everything  by  saying  that  that  is  an  untenable  situation. 

. . .  I’m  encouraged  by  Microsoft’s  Trusted  Computing 
Initiative. They  are  headed  in  the  right  direction. 

What’s  your  view  on  IPSs? 

We  actually  sit  with  a  24-7  ops  team  in  our  Global  Net¬ 
work  Operations  Center  where  we  collect  data  for  our 
threat  management  system,  Aurora.  Aurora  is  essentially  a 
huge  database  that  collects  firewall  and  IPS  logs,  net  flows 
from  our  routers,  information  from  our  honeypots  and  all 
sorts  of  different  networks  in  and  around  AT&T.  We  sit  24-7 
taking  actions  on  alerts  coming  in,  and  many  of  the  alerts 
show  a  source  IP  that  appears  to  be  scanning.  My  team  gets 
in  touch  with  that  individual,  because  we  have  a  look-up 
tool  and  know  exactly  what  it  is.  A  lot  of  times  it’s  not  some¬ 
thing  that  we  want  to  take  off  the  network. 

IPS  automates  the  whole  thing  and  takes  you  off  the  net¬ 
work.  I’m  not  willing  to  go  there  just  yet  because  I  don’t 
trust  the  accuracy  of  IPS  picking  up  the  condition  properly 
Maybe  some  businesses  can  stand  that,  but  a  lot  can’t.  1  do 
know  CSIOs  are  running  intrusion  prevention  in  certain 
cases,  but  the  vast  overwhelming  majority  are  testing  it  or 
they  are  running  the  IPS  in  passive  mode. 

Where  does  the  responsibility  and  liability  lie  when  you  have  a 
customer  that  didn't  patch  their  Web  server?  Who  is  responsible? 

It  all  comes  down  to  the  contract.  We  have  different  cate¬ 
gories:  low-rent,  medium-rent  and  high-rent  districts  that  range 
from  basic  collocation  to  fully  managed  Web  hosting  ser¬ 
vices.  If  someone  in  the  cage  next  door  is  getting  pounded 
that  should  not  affect  you.  We  go  to  great  lengths  to  make 
sure  we  are  carefully  monitoring  and  load  balancing  so  if 
someone  is  getting  hit  pretty  good  it  doesn’t  take  the  whole 
LAN  down.  And  that’s  easy  to  do  with  [virtual]  LANs  and 
rate  limiting. 

Speaking  of  attacks,  we  haven’t  seen  much  in  terms  of  a  big 
worm  attack  in  a  while. 

We  haven’t  seen  a  worm  attack  in  a  while,  but  let  me  give 
you  advice.  Never,  ever,  ever  confuse  a  quiet  period  with 
improved  security. The  fact  we  haven’t  seen  one  is  com¬ 
pletely  irrelevant.  It’s  not  that  everyone  has  gotten  better. 
Worms  are  very  simple  to  write.  It’s  just  no  one  has  written 
one,  that’s  why  we  haven’t  seen  it  ■ 
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Business  market  stoked  for  Ethernet  services 


a  BY  JIM  DUFFY 

There  might  be  no  hotter  data  service  now  than 
Ethernet.  The  worldwide  market  for  Ethernet  ser¬ 
vices  was  $2.5  billion  in  2004  and  is  expected  to 
more  than  double  this  year,  according  to  Infonetics 
Research.  From  there,  Ethernet  service  revenue  is  expect¬ 
ed  to  jump  another  276%  by  2009  to  $22.2  billion. 

Many  billows  are  stoking  this  fire. 

On  the  customer  side,  companies  are  hungry  for  more 
bandwidth  and  looking  to  reduce  WAN  costs.  Ethernet 
offers  a  way  to  do  both  because  of  its  bandwidth  capac¬ 
ities  and  relatively  inexpensive  prices  per  bit. 

On  the  service  provider  side,  carriers  also  are  looking 
for  ways  to  connect  their  various  sites  with  higher  band- 
widths  at  an  inexpensive  price  per  bit,  and  Gigabit 
Ethernet  point-to-point  wholesale  services  meet  this 
demand. 

On  the  equipment  side,  carrier-class  improvements 
have  been  made  to  Ethernet  products  that  are  enabling 
service  providers  to  offer  new  Ethernet  services,  includ¬ 
ing  those  with  QoS  and  service-level  agreements.These 
are  usually  the  chief  selling  points  of  the  traditional  pri¬ 
vate  line,  frame  relay  and  ATM  services  that  they  are 
now  beginning  to  replace,  Infonetics  says. 

According  to  Vertical  Systems  Group,  the  top  five 
sources  of  Ethernet  service  ports  based  on  enterprise 
customer  installations  are: 

•  T-l  Internet  access,  the  leading  source  of  Ethernet 
ports  because  of  ease  of  service  migration  coupled  with 
demand  for  higher  speed  connections  to  the  Internet. 

•  Bandwidth-hungry  new  or  “greenfield”  applications. 

fcfc  When  we  did  have  troubles 
they  were  always  tough  to  pin 
down.  Ethernet  is  easier  to 
troubleshoot  99 

John  McFadden 

CIO,  Loyola  University 

•  Migration  from  ATM  ports  at  rates  of  T-3  and  above. 

•  Migration  from  site-to-site  dedicated  IP  VPNs. 

•  Conversions  of  T-l  frame  relay  ports. 

Combined,  these  five  sources  represent  77%  of  the  U.S. 
Ethernet  port  base  in  2004,  according  to  Vertical. This 
type  of  demand  is  prompting  all  major  carriers  to 
morph  their  traditional  Transparent  LAN  Services  (TLS) 
into  more  flexible,  variable  and  reliable  Ethernet  ser¬ 
vices.  It’s  even  igniting  a  resurgence  in  previously  bank¬ 
rupt  service  providers  such  as  Yipes  Enterprise  Services. 
Yipes  received  $24  million  in  new  funding  two  months 
ago,  bringing  the  total  to  $94  million  in  what  it  has 
raised  since  emerging  from  bankruptcy  three  years  ago. 

There  are  several  flavors  of  Ethernet  service.  Ethernet 
is  essentially  an  application  on  top  of  an  existing  trans¬ 
mission  technology, such  as  SONET  or  leased  lines.lt  is 
also  available  on  pre-standard  technologies  such  as 
Resilient  Packet  Ring,  or  in  a  network  layer  technology 


like  IP/MPLS.  Ethernet  also  can  be  offered  as  a  stand¬ 
alone  service  on  copper  or  fiber,  or  delivered  on  a  wave¬ 
length  over  Dense  Wavelength  Division  Multiplexing 
(DWDM)  services. 

Ethernet  also  is  offered  as  a  switched  service  shared 
by  many  companies  over  a  public  network,  or  a  dedicat¬ 
ed  service  for  corporations  desiring  an  exclusive  facility. 

Loyola  University  in  Maryland  uses  a  switched 
Ethernet  service  from  Verizon  to  tie  in  remote  campuses 
and  give  them  all  of  the  technical  resources  available  at 
the  main  campus  in  Baltimore.The  school  has  three 
remote  campuses,  between  two  and  20  miles  away  from 
the  main  campus,  in  Timonium,  Columbia  and 
Belvedere  Square. 

The  school  picked  TLS  because  it  was  an  extension  of 
Loyola’s  Ethernet  infrastructure. 

“Our  fundamental  strategy  is  we  want  one  campus 
with  multiple  locations,”  says  John  McFadden,  CIO  and 
assistant  vice  president  of  technology  services  at  Loyola. 

Loyola  had  also  “maxed  out”  the  DS-3  ATM  links 
between  campuses  and  experienced  some  reliability 
issues  with  ATM,  McFadden  says. 

“When  we  did  have  troubles  they  were  always  tough  to 
pin  down,”  he  says.“Ethernet  is  easier  to  troubleshoot.” 

QoS  made  easier 

Hacienda  La  Puente,  a  large  school  district  in  Los 
Angeles  County,  agrees.  The  school  district  is  cutting  over 
to  1G  bit/sec  Ethernet  from  OC-3  ATM  on  July  1  to, 
among  other  things,  ease  management  of  QoS  for  voice 
and  video  delivery  to  2,700  stations  across  42  sites. 

“In  looking  at  deploying  different  virtual  LANs  across 
the  entire  district  it’s  a  lot  easier  than  having  to  set  up 
and  map  an  [ATM  Emulated-]  LAN,  or  set  up  switched 
virtual  circuits,  and  then  having  to  go  to  [permanent  vir¬ 
tual  circuits] ,”  says  Michael  Droe,  the  school  district’s 
CTO.“It  just  gets  to  be  more  trouble  than  it’s  worth  some¬ 
times.” 

Ethernet  will  also  simplify  multicast  video,  Droe  says. 

“On  ATM,  LANE  [LAN  Emulation]  doesn’t  really  sup¬ 
port  multicast.  So  to  really  do  anything  with  multicast 
you  have  to  start  going  into  PVC  configurations  and  set 
up  your  network  aside  from  LANE.  It  was  just  too  much 
to  completely  mesh  a  42-site  network.” 

The  price  is  also  right.  Droe  says  going  from  155M 
bit/sec  OC-3  ATM  to  1G  bit/sec  Ethernet  —  six  and  a 
half  times  the  bandwidth  —  only  costs  “a  couple  hun¬ 
dred  extra  dollars”  a  month. 

Loyola  upgraded  its  inter-campus  links  to  100M  bit/sec 
for  the  same  price  as  45M  bit/sec  ATM,  about  $5,000  per 
month,  McFadden  says. Verizon  says  it  can  substitute 
1.5M  bit/sec  inter-LATA  frame  relay  DS-ls  —  which  cost 
$400  to  $500  per  month  —  to  10M  bit/sec  Ethernet  for 
$900  to  $1,000  per  month. 

That’s  seven  times  the  bandwidth  for  twice  the  price, 
and  one  reason  why  Verizon  saw  50%  growth  in  the 
number  of  Ethernet  ports  in  the  first  quarter  and  a  60% 
to  70%  growth  in  Ethernet  revenue,  says  Michael  Tighe, 
Ethernet  product  marketing  manager  at  the  carrier. 

“We’re  very  much  leading  [data  services  marketing] 
with  the  Ethernet  portfolio  and  very  active  in  going  out 
and  presenting  it  to  our  customers, ’’Tighe  says. 

The  first  quarter  was  the  first  time  demand  for  100M 


In  the  Ether 

The  worldwide  market  for  Ethernet  services 
is  expected  to  reach  nearly  $20  billion  by  2007. 

Yearly  revenue  for  Ethernet  services 
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bit/sec  connections  outpaced  that  for  1GM  bit/sec. 

Verizon  offers  various  flavors  of  Ethernet:  TLS,  which  it 
now  calls  E-LAN  in  keeping  with  Metro  Ethernet  Forum 
(MEF)  definitions;  E-Line,  which  is  a  dedicated  private 
line  service  formerly  known  as  Verizon  Optical 
Networking;  and  Ethernet  Virtual  Private  Line  (E-VPL),a 
switched  service  that  maps  an  Ethernet  virtual  connec¬ 
tion  from  a  host  site  to  a  branch  office. 

Verizon  also  offers  Ethernet  as  an  application  on  its 
SONET  rings  —  a  service  it  calls  Enhanced  Dedicated 
SONET  Ring  (EDSR)  —  and  can  carry  Ethernet  on  a 
dedicated  wavelength  over  its  DWDM  network. 

Companies  needing  site-to-site  connectivity  usually  opt 
for  E-LAN  or  E-VPL, Tighe  says.Those  needing  data  center- 
to-data  center  connectivity  across  miles  for  business-con¬ 
tinuity  and  disaster-recovery  applications,  or  to  connect 
two  EDSR  rings  together  usually  opt  for  E-Line,  he  says. 

The  most  popular  EPL  interface  combination  is  1G 
bit/sec  Ethernet  with  only  150M  bit/sec  turned  up, Tighe 
says.  That  allows  users  to  gradually  scale  up  their  band¬ 
width  to  a  full  1G  bit/sec  as  required,  he  says. 

Ethernet-over-DWDM  appeals  to  those  requiring  point- 
to-point  10G  bit/sec  connections  carrying  both  Ethernet 
and  private  line  services, Tighe  says. 

Standardization  behind  momentum 

Ethernet’s  appeal  has  been  augmented  by  MEF  specifi¬ 
cations  to  make  the  enterprise  LAN  technology  “carrier- 
grade.’Two  months  ago,  the  MEF  unveiled  its  definitions 
for  Ethernet  scalability  protection, “hard”  QoS  guaran¬ 
tees, TDM  support  and  service  management. 

“Carrier  Ethernet  will  be  able  to  support  more  of  a 
variety  of  services,  including  some  of  the  legacy  ser¬ 
vices”  through  techniques  such  as  MPLS,  Draft  and  Dry 
Martini,  and  pseudowire,  says  Nan  Chen,  MEF  president. 
“That’s  enabled  the  growth  of  Ethernet  services,  both 
from  a  business  as  well  as  a  residential  perspective.” 

Pseudowire  emulates  physical  connections  using  a  ser¬ 
vice  ID  label  that  defines  the  traffic  type  and  QoS  para¬ 
meters.  Draft  Martini  is  a  specification  for  integrating 
Layer  2  services  onto  an  MPLS  core,  and  Dry  Martini 
extends  pseudowire  to  work  over  any  infrastructure, 
such  as  SONET  and  ATM  —  not  just  MPLS. 

The  MEF  will  be  demonstrating  Carrier  Ethernet  at  this 
week’s  Supercomm  2005  conference  in  Chicago.  ■ 
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EYE  ON  THE 
CARRIERS 

Johna  Til! 
Johnson 


I  noted  recently  that  we  need  to  rethink 
the  broader  public  policy  on  informa¬ 
tion  stewardship  in  the  context  of  21st 
century  technology 

That’s  no  small  task.  It  affects  every¬ 
thing  from  our  understanding  of  the 
Fourth  and  First  Amendments  to  local 
and  national  law-enforcement  and  anti¬ 
terrorism  initiatives. 

This  might  sound  a  wee  bit  “out  of  scope” 
for  IT  executives.  But  as  the  ones  who  best 
understand  the  potentials  and  pitfalls  of 
technology  we  have  an  obligation  to  speak 
up  as  we  approach  a  policy  crossroads. 

The  devil’s  in  the  details.  For  example,  in 
a  widely  quoted  piece  that  appeared  in 
last  month’s  Communications  of  the  ACM, 
security  guru  Bruce  Schneier  warned, “The 
police  need  a  warrant  to  read  the  e-mail 
on  your  computer,  but  they  don’t  need  one 
to  read  it  off  the  back-up  tapes  at  your  ISP’ 
Schneier  is  making  a  very  specific  point, 
and  his  comment  is  100%  correct.  But  a 
casual  reader  might  mistakenly  arrive  at 
the  erroneous  conclusion  that  the  police 
can  walk  in  off  the  street  and  start  reading 
your  e-mail. 

Not  quite.  In  the  case  of  US.vs.  Lifshitz, 
courts  ruled  the  government  can  gain 
access  to  stored  e-mails  by  warrant,  court 
order  or  subpoena.  In  other  words,  the 
cops  don’t  need  an  actual  warrant,  but 
they  do  need  either  a  subpoena  or  a  court 
order.  The  distinction’s  important  because 
it’s  much  harder  to  get  a  warrant  than  a 
subpoena.  Warrants  require  probable 
cause;  subpoenas  don’t. 

The  bottom  line  is  it’s  not  as  if  the  cops 
can  walk  in  off  the  street  and  start  rifling 
through  your  e-mail. But  the  barriers  to  gov¬ 
ernment  surveillance  are  much  lower  than 
you  might  have  thought. 

it  gets  worse.The  courts  have  made  con¬ 
fusing  and  increasingly  contradictory  dis¬ 
tinctions  about  which  communications 
are  protected  and  which  aren’t.  There’s 
the  distinction  between  “temporarily” 
stored  e-mails  (on  a  server)  vs.  backed-up 
e-mails  (on  tape  drives),  with  lower  stan¬ 
dards  for  protection  of  the  latter.  Ditto 
stored  “content” —  the  text  body  of  a  mes¬ 
sage  —  and  less-protected  “records  and 
information”  —  the  e-mail,  IP  and  geo¬ 
graphical  addresses  of  the  senders  and 
recipients.  Finally,  there’s  the  looming 
question  of  VoIP  Wiretapping  laws  govern 
“wire”  transmissions  (voice  calls)  but  not 
e-mail.  But  adding  voice  to  an  e-mail 
changes  the  e-mail  from  an  electronic 
communication  to  a  more  stringently  pro¬ 
tected  voice  communication. 

There’s  a  great  rundown  of  these  issues  in 
a  story  in  American  Bar  Association  maga¬ 
zine  (see  www.networkworld.com,  Doc- 
Fmder  7429). 


Rethinking  legal  privacy  framework:  A  call  to  arms 


The  authors  conclude  that  the  courts  and 
Congress  are  arriving  at  a  crossroads:  Either 
they  can  try  to  retrofit  the  new  computer 
and  information  technology  pegs  into  the 
old  telephone  policy  holes,  or  we  can  col¬ 


lectively  agree  to  rethink  the  meaning  of 
privacy  in  the  21st  century 
I’m  voting  for  the  latter.  But  the  courts  and 


Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen- 


legislators  can’t  do  it  alone.  They  need  to  dent  technology  research  firm.  She  can  be 


hear  from  us. 


reached  at  johna@nemertes.com. 
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SMI-S  1.1  simplifies  storage  mgmt. 


■  BY  RAY  DUNN 

When  it  comes  to  storage  environments, 
management,  complexity,  interoperability 
and  serviceability  are  among  the  top  chal¬ 
lenges  IT  professionals  face. 

Answering  this  call,  the  Storage  Network¬ 
ing  Industry  Association  (SNIA)  recently 
released  Version  1.1  of  its  Storage  Manage¬ 
ment  Initiative  Specification  (SMI-S). 

SMI-S  helps  maintain  and  protect  infor¬ 
mation  in  all  the  electronic  forms  repre¬ 
sented  by  the  various  types  of  storage 
products. 

By  standardizing  the  communications 
that  occur  to  provide  management  ser¬ 
vices  to  the  storage  infrastructure,  SMI-S 
lets  IT  administrators  use  a  single  applica¬ 
tion  for  many  operations  that  traditionally 
required  separate  management  products 
in  a  storage  network. 

SMI-S  1.1  enables  enhanced  services  in 
the  areas  of  configuration,  provisioning 
and  trend  reporting,  event  management, 
security  and  data  protection. 

For  example,  if  a  user  wants  to  provision 
a  new  logical  unit  number  (LUN),  he 
would  request  storage  for  the  application. 
He  would  supply  the  requirements  for 
QoS  and  data  protection.  Then,  the  SMI-S 
Version  1.1  storage  management  would 
determine  the  availability  of  storage  to 
meet  these  requirements.  The  manage 
ment  application  request  would  go  over  a 
TCP/IP  link  to  an  SMI-S  hardware  device 
for  information,  which  would  be  main¬ 
tained  in  the  SMI-S  proxy  server  acting  in 
the  role  of  a  Common  Information  Model 
Object  Manager  (CIMOM). 

CIMOM  would  be  able  to  provide  infor- 
.mation  from  several  devices  back  to  a 
management  client.  Lastly  the  user  would 


■  HOW  IT  WORKS 


SMI-S  1.1 

The  Storage  Management  Initiative  Specification  1.1 
lets  administrators  use  one  application  for  many  of 
the  operations  that  traditionally  required  separate 
management  products.  In  this  example,  an 
administrator  provisions  a  logical  unit  number  (LUN). 


O  Administrator  who  wants  to  request  storage  for  an  application  logs  on  to  a  storage  management  application  and 
indentifies  the  requirements  for  QoS,  data  protection  and  so  forth. 

©  Administrator  consults  the  management  application  to  determine  the  availability  of  storage  to  meet  requirements. 
App  directs  request  to  the  SMI-S  provider  for  information,  which  is  maintained  in  the  SMI-S  proxy  server  acting 
in  the  role  of  a  Common  Information  Model  Object  Manager  (CIMOM). 

©  The  CIMOM  provides  information  about  the  devices  back  to  the  management  client  in  the  form  of  an  XML  document. 

©  The  administrator  selects  the  appropriate  LUN  through  the  storage  management  application,  which  then  configures 
the  data  path  from  the  application  server  through  the  SAN  to  storage  array.  This  step  results  in  the  correct 
sequence  of  actions  that  will  assign  the  LUN  to  the  application. 


select  a  LUN  through  the  storage  man¬ 
agement  application,  which  then  would 
perform  a  set  of  actions  to  assign  a  LUN  to 
the  application. 

Here  are  some  highlights  of  Version  1.1: 

•  Network-attached  storage:  Version  1.1 
gives  users  with  the  ability  to  create  and 
manage  file  shares,  and  monitor  state 
changes. 


•  Host  volume  management:  The  new 
version  enables  storage-pool  creation  and 
monitoring  —  ultimately  allowing  for  ini¬ 
tialization  of  volumes  from  storage  pools 
and  mapping  a  QoS  such  as  the  type  of 
redundancy  (RAID  level)  and  other  set¬ 
tings. 

•  Performance  monitoring:The  ability  to 
conduct  I/O  performance  reporting  and 


monitoring  across  heterogeneous 
devices. 

•  Health  and  fault  management: 
Normalize  the  reporting  of  problems  with 
storage  resources  across  a  storage-area 
network,  including  identifying  problems 
with  devices  and  reporting  appropriate 
faults  and  error  messages. 

•  iSCSI:  Allows  the  discovery  and  asset 
reporting  of  storage  devices  on  iSCSI  pro¬ 
tocol  storage  networks. 

•  Policy  management:  Establishes  rules- 
based  automated  operations  across 
devices  from  different  manufacturers. 

•  Security  enhancements:  Offers  role- 
based  authentication  and  identity  man¬ 
agement. 

Using  products  without  SMI-S,  IT  man¬ 
agers  must  make  careful  choices  because 
of  the  proprietary  nature  of  how  these 
products  would  be  managed.  The  combi¬ 
nations  of  products  that  work  together 
might  be  extremely  limited.  Storage  re¬ 
source  management  software  might  re¬ 
quire  the  need  to  place  agents  throughout 
an  environment  to  gather  and  report  infor¬ 
mation  on  how  storage  consumption  was 
happening. 

With  SMI-S,  the  management  informa¬ 
tion  can  be  maintained  in  the  device  or 
in  a  central  proxy  CIMOM  that  consoli¬ 
dates  information  from  many  types  of 
devices  into  a  single  instance  of  the  com¬ 
mon  object  model.  SMI-S  Version  1.1  prod¬ 
ucts  will  be  available  during  the  coming 
year. 

Dunn  is  an  industry  standards  marketing 
manager  with  Sun,  a  member  of  the  SNIA 
board  of  directors  and  an  officer  with  the 
Storage  Management  Forum.  He  can  be 
reached  at  Raymond.Dunn@Sun.com. 


Dr.  Internet  By  Steve  Blass 

We  want  to  connect  a  desktop  database  client 
from  a  Windows  PC  directly  to  a  MySQL  database 
server.  The  server  is  configured  to  only  accept 
connections  from  a  specified  Web  server  that  uses 
a  shell  account  that  logs  on  via  Secure  Shell 
(SSH).  What  can  we  do? 

With  SSH  port  forwarding  you  can  connect  direct¬ 
ly  to  the  database  server  by  tunneling  through 
your  shell  account  on  the  Web  server.  You  can 


even  read  and  write  the  database  tables  using 
Microsoft  Access  and  the  MyODBC  connector 
from  www.mysql.com  through  the  SSH  tunnel.  To 
establish  an  SSH  tunnel  with  a  command  line 
SSH  client,  type  “ssh  -I  loginID  -L  3306:mysql- 
host:3306  shellhosf.This  logs  into  the  shell 
account  host  as  loginID,  while  connecting  local 
Port  3306  on  your  desktop  to  the  mysql  host  at 
Port  3306  through  the  SSH  connection  via  the 
shell  host.  Most  graphical  SSH  clients  let  you 


establish  tunnels  through  configuration  or  prefer¬ 
ence  options,  so  look  for  the  Tunnel  or  Port 
Forwarding  settings  and  establish  the  same  kind 
of  connections.  After  you  establish  connections 
the  first  time,  make  sure  the  tunnel  is  set  up  and 
connected  before  you  talk  to  the  database  server 


Blass,  a  network  architect  at  Change@Wo>k  in 
Houston,  can  be  reached  at  dr  interne  (©change 
atwork.com. 
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Neat  Gadget  Department:  In  January 
we  discussed  a  Wi-Fi  hot-spot  detec¬ 
tor  that  we  thought  was  pretty  good. 
A  more  expensive  alternative,  the  Digital 
Hotspotter  Model  #HS10  from  Canary 
Wireless,  provides  more  information 
about  a  hot  spot  for  about  double  the 
price  ($60  direct). 

The  HS10  is  a  small  (roughly  2.5  by  2  by 
1  inches)  lightweight  box  with  a  small  LCD 
display  Press  the  button  on  the  front  and 
the  HS10  scans  for  802.11b  and  802.1  lg 
networks  and  reports  on  the  name  being 
broadcast,  the  signal  strength  (shown  as 
zero  to  four  bars),  whether  the  network  is 
encrypted  (both  Wired  Equivalent  Privacy 
and  Wi-Fi  Protected  Access  are  detected), 
and  which  channel  is  being  used. 

The  HS10  works  well,  but  a  few  access 
points  from  various  manufacturers  aren’t 
detected  reliably  or  at  all  (see  Canary’s 
Troubleshooting  forum,  www.network 
world.com,  DocFinder :  7432). 

According  to  Canary:  “Detection  of  all 


existing  access  points  cannot  be  accom¬ 
plished  without  substantially  more  expen¬ 
sive  hardware. The  current  device  attempts 
to  strike  a  balance  that  provides  a  useful 
functionality  at  a  reasonable  price.”  (But  as 
one  forum  contributor  pointed  out,  a  full¬ 
blown  wireless  PC  card  is  not  much  more 
if  not  the  same  price  as  the  HS10.) 

We  suspect  that  most  inexpensive  Wi-Fi 
detectors  suffer  from  the  same  limitations 
or  more.  But  given  how  many  access  points 
these  devices  can  detect,  they  still  are  use¬ 
ful  and  it  appears  from  online  user  com¬ 
ments  that  the  HS10  is  better  than  most. 

Our  second  neat  gadget  is  a  personal 
privacy  tool  kit  for  Windows  2000  and  XP 
users  called  Stealth  Surfer  II  (DocFinder: 
7433). 

Stealth  Surfer  II  is  said  to  support  secure, 
anonymous  surfing  and  e-mail,  and  it 
makes  for  a  clever  and  reasonably  simple 
solution  for  portable  privacy 

Built  on  a  USB  drive  with  some  fancy 
security  electronics,  it  looks  like  a  vanilla 
USB  storage  device.  Once  you  plug  in  the 
Stealth  Surfer  II  (it  is  USB  2.0  compatible) 
and  navigate  to  it  in  Windows  Explorer, 
you’ll  find  only  one  application  that,  when 
you  execute  it,  brings  up  a  logon  screen. 

With  the  right  password  the  drive  is  magi¬ 
cally  transformed  so  that  you  now  can  see 


the  files  and  folders  on  itThese  consist  of  a 
set  of  utilities  for  secure  browsing,  pass¬ 
word  and  online  account  management, 
and  e-mail. 

Pre-installed  on  the  drive  are: 

•  FireFox  browser  (DocFinder:  7434). 

•  Anonymizer,  an  anonymous  surfing 
router.  (DocFinder:  7435). 

•  RoboForm,  form-filling  automator 
with  secure  user  account  management 
(DocFinder:  7436). 

•  Thunderbird,  an  open  source  e-mail 
client  (DocFinder:  7437). 

•  Hushmail,  a  PGP-compatible  secure 
free  email  (DocFinder:  7438). 

Getting  the  tools  running  is  easy,  and  if 
you  already  use  any  of  them  you  can  copy 
your  data  onto  the  USB  drive.  Once  you’re 
logged  on,  all  browser  and  email  service 
requests  are  handled  by  the  applications 
on  the  Stealth  Surfer.  Logging  off  from 
Stealth  Surfer  services  requires  double 
clicking  on  an  icon  in  the  Windows  sys¬ 
tem  tray 

The  device  is  fast  and  reliable  and,  with 
pricing  starting  at  $100  for  a  128M-byte 
Stealth  Surfer  II,  an  excellent  value. 

Last  week  we  started  discussing  Linux 
clusters  after  delving  into  a  new  book,  The 
Linux  Enterprise  Cluster  by  Karl  Kopper, 
which  is  all  about  creating  high-availabil¬ 
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ity  clusters  of  inexpensive  computers  to 
provide  enterprise-class  resources  and 
services. 

High-availability  clusters  are  different 
from  high-performance  computing  (HPC) 
clusters,  although  the  latter  can  be  en¬ 
hanced  to  incorporate  the  former.The  most 
famous  example  of  an  HPC  is  Beowulf. 

Beowulf  clusters  are  described  as  “scal¬ 
able  performance  clusters  based  on  com¬ 
modity  hardware,  on  a  private  system  net¬ 
work,  with  open  source  software  [Linux] 
infrastructure  ...  as  simple  as  two  net¬ 
worked  computers  each  running  Linux 
and  sharing  a  file  system,  or  as  complex  as 
1,024  nodes  with  a  high-speed,  low-latency 
network.” 

So  back  to  The  Linux  Enterprise  Cluster. 
This  tome  explores  the  key  technologies 
that  underpin  building  real  enterprise-level 
Linux  clusters. 

One  of  the  technologies  we  mentioned 
was  Heartbeat,  which  is  the  backbone  of 
failover  handling  from  a  failed  primary 
server  to  a  back-up  server.  How  it  works  is 
. . .  what?  We’re  out  of  space! 

Next  week,  Heartbeat  and  more.  Until 
then,  show  us  yer  pulse  at  gearhead @ 
gibbs.com.  Defib  at  Gearblog  ( www.net 
workworld.  com /weblogs /gearblog). 


You  might  grin  a  little, you  might  groan  a  little, when 
someone  asks  for  help  installing  the  Axentra  Net- 
Box.  We  certainly  did  both  when  we  tried  it  on  our 
network. 

The  Net-Box  is  an  all-in-one  server/router/firewall  that 
can  become  the  core  of  a  home  network.  In  addition,  the 
Linux-based  device  provides  Web  and  e-mail  servers.  The 
grins  came  when  we  realized  we  could  host  our  own  Web 
site  and  e-mail  server  without  having  to  convert  an  old 
computer  or  buy  a  Windows-based  server.  An  Axentra  part¬ 
nership  with  TZO.com  gives  Net-Box  owners  a  domain 
name  free  for  a  year. 

But  the  groans  came  from  some  installation  headaches 
and  the  realization  that  our  favorite  parts  of  the  Net-Box, 
the  Web  server  and  e-mail  server,  were  half-cooked  appli¬ 
cations  that  frustrated  more  than  pleased  us. 

Our  first  sign  of  trouble  came  in  a  warning  on  the  “getting 
started”  card:  If  our  current  network  had  a  router,  we  need¬ 
ed  to  disconnect  it.Then  we  looked  on  the  back  of  the  Net- 
Box;  there  was  only  one  LAN  and  one  WAN  port.  For  more 
complex  network  setups  the  card  suggested  we  attach  a 
hub  or  a  switch  to  the  network. 

Because  we  had  a  wireless  router,  this  meant  that  the  four 
Ethernet  ports  on  our  router  (attaching  a  desktop, our  work 
notebook,  the  network-attached  storage  [NAS]  device  and 
the  power-line  adapter)  would  have  to  be  abandoned. 

We  discovered  we  could  use  the  router  if  we  disabled  its 
DHCP  server. We  still  needed  to  sacrifice  one  of  the  ports  to 


Net-Box  is  ambitious,  but  audience  is  unclear 


connect  the  Net-Box  to  the 
router,  so  we  took  a  NAS  box 
off  the  network.  We  would 
have  preferred  a  system  that 
provided  multiple  LAN  ports 
on  its  own  box  or  worked  in  a 
topology  in  which  the  wire¬ 
less  router  could  remain  the 
network’s  central  core. 

Once  we  disabled  the 
router’s  DHCP  server,  we  were 
able  to  configure  the  Net-Box. 

A  set-up  wizard  let  us  create 
administration  accounts  and 
connect  to  our  ISP  for  a  WAN  address, 
and  gave  us  a  domain 
name.  Once  connect¬ 
ed,  the  system  took  us 
to  the  Web-based  Ad¬ 
ministration  Center, 
where  we  set  up  other 
security  settings  OP  fil¬ 
tering,  content  filtering  and  others), and  wireless  settings. 

We  were  disappointed  by  the  wireless  features,  which 
only  supported  40  and  104-bit  Wired  Equivalent  Privacy 
However,  because  we  left  our  wireless  router  on  the  net¬ 
work,  our  current  Wi-Fi  Protected  Access  (WPA)-enabled 
router  could  handle  all  of  the  wireless  clients  and  still  con¬ 
nect  to  the  Net-Box. 

The  Net-Box  Applications  page  includes  portal  applica¬ 
tions  (including  a  calendar,  address  book  and  Weblog),  a 
Web-based  e-mail  reader  and  space  for  posting  photos  or 
other  Web  pages  to  the  domain. 

Once  the  Net-Box  becomes  the  center  of  your  network, 


The  Net-Box  got  high  marks  in  its 
ability  to  let  users  host  their  own 
Web  site  and  e-mail  server  but 
low  marks  for  its  half-cooked 
applications. 


you  also  can  store  your  digital  files  (photos, 
music,  videos  or  regular  data)  on  its  80G-byte 
hard  drive.  If  you  need  additional  space,  up  to 
four  USB  hard  drives  can  attach  to  the 
Net-Box,  or  you  can  upgrade  to  the  H-9Q 
Net-Box,  which  has  160G  bytes  of  storage. 

We  were  disappointed  in  the  Web  server 
application,  which  provides  a  rudimen¬ 
tary  HTML  editor  to  create  pages,  but 
inserting  photos  and  other  artwork  onto 
a  Web  page  involves  moving  photos  into 
specific  user  folders  through  a  Web- 
based  wizard.  If  you  plan  to  build  a  Web 
site,  use  a  different  HTML  editor  or  pub¬ 
lishing  system. 

We  couldn’t  figure  out  the  Net-Box’s  in¬ 
tended  market.  Consumers  with  home  net¬ 
works  get  many  of  the  same  features  (In¬ 
ternet  sharing,  DHCR  firewalls  and  file  stor¬ 
age)  from  a  router  and  NAS  box.The  ability  to 
host  your  own  Web  server  and  e-mail  domain  was  com¬ 
pelling,  but  could  be  easily  matched  by  a  Web  host. 
Anyone  with  a  small  business  or  small  office/home  office 
likely  would  get  these  features  from  an  integrator,  or  just 
run  a  Windows-based  Web  server  or  e-mail  server. 

Shaw  can  be  reached  at  kshaw@nww.com. 


■  Check  out  this  week's  Network  Life  supple¬ 
ment,  beginning  after  page  16  for  more  heme  net¬ 
working  reviews  anti  strategies. 
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DENSITY  •  AFFORDABILITY  •  PERFORMANCE  •  CONVERGENCE  •  SECURITY 
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%  A  M  ith  the  performance  you  expect  front 
w  w  Foundry,  now  comes  the  price,  flexibility, 

FastIron  SuperX 

FastIron  SuperX  with  M2 

•  Edge  &  Wiring  Closet  Switch 

•  Enterprise  and  Metro  L3  backbone 

and  density  breakthrough  you’ve  been  waiting  for. 

•  Extensive  QOS  and  Security 

Switch 

Foundry’s  integrated  Layer  2/3  switch  delivers  an 

Features 

•  High-Performance  layer  3  routing 

extensive  feature  set,  integrated  PoE,  full  layer  3 

•  Ease  of  Upgrade  to  POE 

•  Up  to  1  Million  Routes  and  20  BGP 

routing  (including  OSPF  and  BGP4)  and  wire 

•  1  O-GE  Aggregation  and  Core  Switch 

PEERS 

speed  10  GE  performance  for  Enterprise  and 

Service  Provider  environments. 

GET  SECURED.  GET  CONVERGED. 

•  Lowest  Price  per  Port  than  Other 

lO-GaE  Modular  switches 

Get  SuperX. 

J 

high  Density 

•  Up  to  204  Ports  GE-SFP  Mini-GBIC 

•  Up  to  204  Ports  10/100/1000 

•  Up  to  192  Ports  10/100/1000  PoE 

•  Up  to  16  Ports  10-GE 

High  Performance 

•  Wire-Speed  Every  Port 

•  Up  to  304  Mpps  Throughput 

•  510-Gbps  Switching  Capacity 

Convergence  Ready 

•  Standards-Based  Power-over-Ethernet 

•  Purpose-Built  for  Data,  Voice  &  Video 

•  Integrated  Wired  &  Wireless  Support 

IRONSHIELD  SECURITY 

•  Wire-Speed  ACLs  &  Rate  Limiting 

•  Secure  Shell,  Secure  Copy,  SNMPv3 

•  DoS  Attack  Protection 

•  802. lx  &  MAC  Authentication 
with  Dynamic  Policy 
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OH  TECHNOLOGY 

John  Dix 

Carr’s  latest 
effort  to  stir 
the  IT  pot 


Nicholas  Carr  is  back,  following  up  his  infamous  “IT 
doesn’t  matter”  essay  in  the  Harvard  Business  Review 
with  a  piece  in  the  MIT  Sloan  Management  Review 
titled  “The  end  of  corporate  computing.” 

A  common  theme  in  both  is  that  the  commoditization  of 
IT  has  relegated  its  role  to  that  of  utility  much  like  electricity 
This  development,  he  concludes  in  the  first  article,  means 
IT  is  no  longer  strategic,  while  in  the  new  piece  he  argues 
that  utility  IT  services  are  best  provided  by  large  central¬ 
ized  companies  vs.  tackled  in-house. 

It  is  essentially  an  outsource  argument,  and  he  makes 
some  valid  points. 

When  electricity  was  not  widely  available  companies 
built  their  own  generation  facilities,  Carr  says.  But  when  it 
became  possible  to  deliver  power  over  greater  distances, 
entrepreneurs  realized  centralized  production  provided 
economies  of  scale  and  serving  multiple  customers  made 
it  possible  to  “achieve  higher  capacity-utilization  rates.” 

IT  is  ripe  for  the  same  metamorphosis,  he  says, 
because  companies  today  have  large,  overbuilt  data 
centers  constructed  with  commodity  parts,  supporting 
similar  applications. 

“The  history  of  commerce  has  repeatedly  shown  that 
redundant  investment  and  fragmented  capacity  provide 
strong  incentives  for  centralizing  supply  Carr  writes. 

There  is  no  doubting  that  outsourcing  has  an  important 
role  to  play,  and  likely  an  increasing  one.  Carr  is  right  to 
conclude  that  the  convergence  of  virtualization  technol¬ 
ogy  grid  computing  and  Web  services  is  potent  stuff  that 
will  change  the  face  of  computing,  making  it  possible  to 
develop  new  applications  faster,  scale  environments  to 
meet  demand  and  maximize  hardware  utilization  rates. 

But  he  makes  the  same  mistake  in  this  piece  as  he  did  in 
the  first  in  assuming  kilowatts  are  the  same  as  kilobytes, 
which  colors  his  conclusion. 

Generators  were  core  assets  when  electricity  was  scarce 
or  spotty  But  when  the  supply  became  reliable  and  cheap, 
the  decision  to  outsource  was  simple.  Electricity  is  electric¬ 
ity  Ask  a  CEO  if  data  is  simply  data,  or  ever  will  be. 

What’s  more,  you  can’t  combine  100  volts  here  and  100 
volts  there  to  get  300  volts.  With  IT,  the  whole  can  be  greater 
than  the  sum  of  the  parts.  Piecing  together  this  piece  of 
data  with  information  culled  from  three  other  sources  can 
mean  real  business  value,  and  you  don’t  want  to  be  stand¬ 
ing  in  line  waiting  for  your  “utility”  to  add  it  up  for  you. 

Carr  gets  it  partially  right.  Outsourcing  is  here  to  stay  and 
is  one  of  the  important  ways  companies  will  augment 
internal  efforts,  but  it  won’t  lead  to  the  end  of  corporate 
computing. 


— John  Dix 
Editor  in  chief 
jdix@nww.com 


Why  VoIP? 

In  the  story  “States  want  VoIP  lack  infrastructure" 
(DocFinder:  7425),  Daniel  Corcoran  of  New  York’s 
Office  for  Technology  states,  “We’re  getting  enor¬ 
mous  pressure  to  do  VoIP  and  we  keep  asking, 
’Why?”’ If  your  PBX  is  digital  and  trunks  to  the  local 
telco  by  primary  rate  ISDN,  you  have  all  the  services 
available  from  VoIP  without  the  overhead  tax  or  the 
Internet’s  security  problems. 

Another  question  one  might  ask  before  installing 
VoIP  is:  “How  much  time,  money  and  effort  do  we 
spend  securing  the  regular  PBX  and  the  devices 
[servers  and  PCs]  that  connect  to  the  Internet?” 
Then  ask  yourself  again, “Why?” 

Stephen  Wyman 
Network  specialist 
Texas  Department  of  Transportation 
Austin, Texas 

Always  a  good  read 

I  always  look  forward  to  reading  JohnaTill  Johnson’s 
column.  I  count  on  Johnson  to  brief  me  on  the  issues 
facing  the  telecom  industry  I  find  her  column  insight¬ 
ful,  informative  and  always  upbeat. 

What  has  contributed  to  the  downturn  in  the  high- 
tech  sector  is  the  cynicism  of  those  in  the  industry 
High-tech  allows  companies  to  keep  a  minimum  of 
inventory  it  allows  for  tremendous  efficiencies  in  the 
product  distribution  system  and  on  the  assembly 
line,  not  to  mention  the  reduction  of  overall  produc¬ 
tion  costs.  This  allows  for  more  affordable  products, 
which  translates  into  more  disposable  income  for 
everyone. 

A  successful  company  is  a  matter  of  good  design:  It 
all  boils  down  to  that.  And  a  well-designed  company 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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has  a  good  network,  inside  and  out. 

Kenneth  Selin 
President 
K+ 

Ottawa,  Canada 

Doubtful  dividends 

Regarding  your  editorial,  “AT&T:  Investments  paying 
dividends”  (DocFinder:  7426):  I  agree  that  many 
AT&T  customer-facing  systems  have  been  consoli¬ 
dated.  .  .even  if  the  network  now  resembles  a 
Byzantine  maze. 

AT&T’s  internal  systems  still  are  experiencing 
issues,  as  well.  My  employer  (a  longtime  AT&T  cus¬ 
tomer)  signed  a  contract  almost  six  months  ago  for 
local  and  long-distance,  but  AT&T  still  hasn’t  man¬ 
aged  to  get  the  rate  changes  reflected  on  invoices, 
nor  consolidate  two  invoices  into  one. 

Concept  of  One  and  Concept  of  Zero,  indeed  — 
one  terrible  Web  site  and  zero  ability  to  deliver  cor¬ 
rect  invoices.  All  AT&T  needs  is  some  bad  customer 
service  to  round  things  out. ...  Oh  wait,  that’s  where 
SBC  comes  in. 

Toby  Meehan 
Milwaukee 

IPv6  constituents 

Regarding  Chuck  Yoke’s  column, “So  where  is  all  the 
IPv6?”  (www.networkworld.com,  DocFinder:  7424) 
While  I  agree  with  most  of  Yoke’s  comments,  he  is 
ignoring  two  important  constituencies:  Govern¬ 
ment/military  organizations  that  require  IPv6  capa¬ 
bility  and  foreign  countries  unhappy  that  the  U.S. 
owns  the  overwhelming  majority  of  IP  addresses. 
These  could  be  considered  two  important  market 
drivers  for  IPv6  adoption. 

Tom  Price 
Vice  president 
The  Bernard  Group 
Austin, Texas 


Find  out  what  readers  are  saying  about  these  and  other  topics. 
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DEMO  INSIGHTS 

Chris  Shipley 
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f  you’ve  attended  the  Demo  Conference  or 
follow  the  DemoLetter  blog  (www.net 
workworld.com,  DocFinder:  7428),  you 
know  that  I  am  a  huge  advocate  of  the  move 
to  social  computing.  In  very  broad  strokes, 
social  computing  puts  people  at  the  center  of 
leveraged  technology  to  enable  individuals  to  collaborate,  communi¬ 
cate  and  transact.  Social  computing  takes  many  forms. 

At  its  most  basic,  e-mail  is  social  software.  At  its  extreme,  so-called 
social  networks  such  as  Friendster  and  Linkedln  depend  on  the  inter¬ 
actions  of  members.  Marketplaces  such  as  eBay  are  fundamentally 
social.  Blogs  are  a  form  of  social  media, and  enable  readers  to  become 
engaged  with  content,  commenting  on  and  referring  to  postings. 

At  the  center  of  these  software  products  and  services  are  reputation 
systems,  either  explicit  or  implicit.  A  reputation  system  is  a  means  of 
understanding  who  someone  is  and  how  that  person  behaves  within 
the  community  In  e-mail,  reputation  systems  are  implicit:  Do  I  know  the 
sender?  In  eBay  the  reputation  is  explicit:  Buyers  and  sellers  rate  each 
other.  Social  networks  use  a  blend  of  the  two.  In  Linkedln,  you  are 
known  by  the  company  you  keep  and  what  this  company  says  about 
you  —  who  you  are  connected  to  and  how  you  are  endorsed. 

Each  of  these  reputation  systems  is  about  instilling  confidence  in  the 
social  environment  in  which  you  engage.  In  time,  reputation  systems 
will  extend  to  sites  and  services,  as  well.  At  The  Wall  Street  Journal's  D 
Conference  last  month,  Bill  Gates  talked  about  a  forthcoming  reputa¬ 
tion  network  that  would  let  users  report  on  the  legitimacy  of  Web  sites 
to  combat  identity  theft  and  phishing.  Such  a  reputation  system  could 


Your  reputation  precedes  you 


be  incorporated  into  browser  or  operating  system  technology  thereby 
using  community-rated  reputation  as  a  proxy  for  security 

Reputation  systems  bring  legitimacy  and  context  to  the  interactions 
in  social  computing  environments,  and  have  allowed  social  software 
products  and  services  to  flourish.  Imagine  the  possibilities  if  these  ser¬ 
vices  were  perceived  not  as  products  themselves,  but  as  component 
tools.  Imagine  if  social  networks  —  effectively  search  tools  to  identify 
personal  and  business  relationships  —  were  a  part  of  business  process 
software.That  would  be  very  powerful. 

Likewise,  imagine  if  reputation  systems  were  not  individual  silos. 
Imagine  if  you  did  not  start  from  scratch  to  build  your  reputation  each 
time  you  joined  a  new  community  Imagine  if  your  reputation  traveled 
with  you,  much  as  it  does  in  the  real  world. 

For  that  to  happen,  the  technology  industry  needs  to  convene  an  ini¬ 
tiative  to  create  a  reputation  standard  or  protocol. There  are  whispers 
that  such  a  movement  is  afoot,  and  hopefully  consumers  and  busi¬ 
nesses  will  wield  their  influence  to  demand  such  a  standard  and  spur 
on  the  movement.  A  portable  identity  and  reputation  would  enable 
more  secure  transactions,  raise  trust  in  interactive  communities  and 
reduce  friction  in  e-commerce.When  individuals  can  conduct  business 
in  a  trusted  environment,  service-based  social  computing  finally  will 
become  a  reality. 


Each  of  these 
reputation  sys¬ 
tems  is  about 
instilling  confi¬ 
dence  in  the 
social  environ¬ 
ment  in  which 
you  engage. 


Shipley  is  executive  producer  of  The  Demo  Conferences,  a  biannual 
Network  World-owned  event  that  launches  and  showcases  the  newest 
emerging  technology  products  and  services.  She  can  be  reached  at 
chris@demo.  com. 


TELECOM  CATALYST 

Daniel  Briere 

The  average  medieval  castle  featured  lay¬ 
ers  of  defense.  Multiple  wall  rings  were 
constructed  so  that  there  was  no  single 
intrusion  point.  However,  these  walls  could  be 
rendered  useless  by  that  most  unpredictable 
of  enemies:  the  insider — a  spy  within  the  cas¬ 
tle  walls  who  helped  the  intruder  gain  access. 
But  what  ultimately  did  in  the  castle  era  was  the  trebuchet.a  sort  of  cat¬ 
apult  on  steroids  which  not  only  allowed  the  enemy  to  pound  castle 
walls  from  a  safe  distance,  but  also  to  hurl  flaming  objects  or  diseased 
pigs  over  the  walls.  That  ended  the  focus  on  building  perimeters 
around  castles  as  the  major  line  of  defense. 

We’re  going  through  a  similar  security  shift  now  in  our  networks,  and 
I  can’t  help  but  see  the  same  evolution  occurring.  But  while  castles  had 
decades  to  refine  their  security  systems,  most  network  growth  has 
occurred  within  the  last  few  years,  and  security  technology  has  been 
scrambling  to  keep  up. 

Add  VoIP  to  the  network  and  you  bring  in  an  entirely  new  security 
problem. VoIP  is  more  susceptible  to  denial-of-service  (DoS)  attacks 
than  data  applications  because  of  its  QoS  requirements.  Secure  solu¬ 
tions  are  needed  to  protect  against  voice  spam,  phone  number 
spoofs,  theft  of  services  and  other  threats  as  yet  unknown.  What’s 
worse  is  that  when  you  add  voice  components  to  the  data  network, 
they  become  susceptible  to  the  same  threats  as  the  data  network 
such  as  switch,  router  and  software  vulnerabilities. 

Even  more  unnerving  is  the  recent  publicity  regarding  VoIP  and  91 1 
calling  problems.  A  distributed  DoS  attack  on  a  VoIP  phone  could 
prevent  someone  from  dialing  911  in  an  emergency. That’s  a  lawsuit 
you  don’t  want  to  be  on  either  end  of. 

Intrusion-prevention  systems  (IPS)  not  only  address  data  threats 
and  DoS  attacks,  but  also  can  address  VoIP  vulnerabilities  that  have 
been  discovered  in  Session  Initiation  Protocol  and  H.323  imple¬ 
mentations.  Because  of  their  high  throughput  and  low  latencies, 


Defending  the  castle 


customers  are  increasingly  putting  IPSs  at  their  network  core  to 
protect  against  worms,  viruses,  Trojans,  DoS  attacks,  spyware  and 
VoIP  threats. 

However,  in  the  vein  of  “You  can’t  be  too  rich  or  too  thin,"  you  can’t 
be  too  secure  or  too  wary  More  proactive  measures  are  needed  to  nip 
problems  before  they  appear  on  the  network.  Security  needs  to  be 
closer  to  the  client. 

Some  ways  to  deal  with  this? 

•  Follow  the  movement  toward  internal  security  The  days  of  perime¬ 
ter  security  being  all  you  need  are  gone.  Companies  such  as  ConSentry 
Networks  offer  access  enforcement  gear  specifically  designed  to  con¬ 
trol  users  and  malware  within  enterprise  LANs  —  in  effect  locking 
down  security  as  close  to  the  user  as  possible  to  create  self-defending 
LANs.  IPSs  from  companies  such  as  TippingPbint/3Com  can  be  placed 
on  either  internal  or  external  points  on  the  network. 

•  Track  the  VoIP  Security  Alliance. This  group  is  working  on  predict¬ 
ing  ways  that  hackers  can  cause  problems  with  VoIP  security.  All  VoIP 
vendors  should  participate  in  this  effort.  There’s  no  room  for  propri¬ 
etary  one-sided  solutions,  and  with  more  wireless  and  more  VoIP 
coming  into  networks,  we  need  to  be  further  ahead  of  the  curve,  not 
behind  in  a  “patch  and  run”  fashion. 

•  Be  aware  of  the  movement  toward  reputation  rating  among  net¬ 
works.  If  you’ve  got  a  reputation  for  sending  a  lot  of  spam  —  even  if 
it’s  not  your  fault  —  then  other  networks  will  start  shutting  you  off. 

There’s  nothing  like  having  a  flaming  pig  hurled  over  the  wall  to  get 
your  attention  —  medieval  kings  and  lords  quickly  changed  their 
defensive  plans  and  took  the  battle  to  the  field. Today’s  environment 
is  more  akin  to  a  hand-to-hand  battle,  with  the  good  guys  and  bad 
guys  intermixed,  and  you  need  new  approaches  to  adequately 
defend  against  that. 


More  proactive 
measures  are 
needed  to  nip 
problems  before 
they  appear  on 
the  network. 
Security  needs  to 
be  closer  to  the 
client. 


Briere  is  CEO  ofTeleChoice,  a  market  strategy  consultancy  for  the  tele¬ 
com  industry.  He  can  be  reached  at  telecomcatalyst@telechoice.com. 
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Out  with  the  old,  in  with  the 


Six  IT  experts  give  pointers  on  how  one  ficti¬ 
tious  company  can  solve  its  IT  problems  using 
new  data  center  principles  and  technologies. 


■  BY  BETH  SCHULTZ 

Our  problem  scenario:  The  IT  architecture  at  a  major  con¬ 
sumer  goods  manufacturer  was  a  mess.  Rapid  growth  over 
the  last  several  years  had  forced  a  thinly  spread  corporate 
IT  organization  into  reaction  mode.  What  application  and 
infrastructure  guidelines  the  IT  group  had  in  place  were 
often  ignored  by  IT  managers  throughout  the  decentralized  organiza¬ 
tion  as  they  made  decisions  on  the  fly  to  suit  the  needs  of  their  partic¬ 
ular  fiefdoms.  In  one  year,  the  number  of  servers  alone  had  doubled, 
with  no  consistency  whatsoever  on  operating  system  selection. 
Different  Windows  versions  ran  on  60%  of  the  servers,  Linux  on  25%  and 
Unix  on  15%.  Some  users  were  beginning  to  complain  that  applications 
were  running  way  too  slowly  or  crashing  completely  while  others  ex¬ 
pressed  irritation  about  the  growing  number  of  passwords  they  had  to 
remember.  Here’s  a  closer  look  at  the  IT  environment: 


•  Applications:  The  company’s  most  criti¬ 
cal  applications  are  legacy  mainframe-based 
ones  used  by  employees  and  customers  for 
number  crunching,  as  well  as  a  handful  of 
homegrown  accounting  applications  that  run 
on  very  old  versions  of  Windows. These  latter 
applications  work  well,  so  the  priority  has 
never  been  to  update  or  port  them  to  new 
versions  of  Windows.  Besides  these,  the  firm 
has  a  typical  assortment  of  business  applica¬ 
tions,  from  ERP  and  CRM  to  e-mail  and  cor¬ 
porate  instant  messaging.  Some  IT  managers 
had  favored  Java,  others  Microsoft’s  platform. 
Some  developers  have  started  playing 
around  with  Web  services. 

•  Server  infrastructure:  The  firm  has  a 
mish-mash  of  Sun  and  HP  Unix  servers  and 
an  assortment  of  Wintel  servers  at  four  data 
centers  —  one  in  New  York,  which  is  mir¬ 
rored  in  Boston,  and  others  in  London  and 
Sydney,  Australia. 

The  number  of  servers  has  doubled  to 
nearly  450,  with  roughly  one-third  of  the 


older  Wintel  servers  reaching  five  years  of 
age  and  in  need  of  being  refreshed.  The 
remainder  have  not  yet  hit  the  corporate 
five-year  depreciation  threshold. 

•  Network  infrastructure:  The  firm  main¬ 
tains  a  sluggish  1G  bit/sec  Ethernet  backbone 
among  its  New  York  headquarters  and  seven 
major  offices  around  the  country;  desktop 
links  operate  at  100M  bit/sec.  An  IPSec  VPN 
provides  connectivity  from  smaller  offices 
and  international  facilities.  Wireless  LANs  are 
popping  up  at  the  offices,  but  have  not  been 
sanctioned  by  corporate  IT. 

•  Storage  infrastructure:  Rapid  growth 
has  led  to  a  hodgepodge  of  server-attached 
storage  arrays  of  varying  capacity  with  a 
Fibre  Channel  storage-area  network  (SAN) 
in  the  New  York  data  center. 

Corporate  IT  knew  it  needed  to  turn  IT  into 
a  services  organization  capable  of  enabling 
the  business.  It  knew  changes  —  big  changes 
—  were  in  order  if  it  was  to  make  that  happen. 
But  where  to  start? 


From  top  left,  Stephen  Nunn  of  Accenture,  Jeff  Kaplan,  Thinkstrategies,  David  Nolan, 
Forsythe  Technology,  and  CDW’s  Jeremy  Weiss,  Tim  Keating  and  Crawford  Aimer. 


reconcilable  differences 

The  storage  folks  need  distance  replication 
with  the  lowest  latency,  zero  packet  loss, 
guaranteed  performance  and  security. 
Meanwhile,  network  managers  must  trim 
operational  costs  and  still  somehow 
prepare  the  network  for  the  coming 
avalanche  of  web  services,  grid  computing 
and  other  mission-critical  applications. 
Thankfully,  Ciena's  Adaptive  WANT 
supports  all  these  applications  and  more  in 
one  solution  designed  for  unprecedented 
scalability  and  zero  downtime.  Qualified  by 
all  the  major  storage  players,  Ciena's  plug- 
and-play  products  lower  costs  by  up  to 
80%  while  extending  applications  as  far  as 
you  want,  so  you  can  afford  to  reconcile 

everyone's  needs. 
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Download  our 
Storage  Extension 
White  Paper  at 
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SOLUTION  1: 


Outsourcing 
looks  good 

THE  EXPERT:  Jeff  Kaplan,  managing  director,  Thinkstrategies 


Obviously,  this 
major  consumer 
goods  manufactur¬ 
er’s  current  ad  hoc 
and  decentralized 
IT  approach  has 
failed  to  support 
the  company’s  cor¬ 
porate  objectives 
adequately  and  has 
led  to  a  severe  dete¬ 
rioration  in  the  reli¬ 
ability  of  its  IT  infra¬ 
structure  and  application  services.  As  a  result,  IT 
leadership  must  take  greater  control  of  day-to-day  IT 
operations  end  to  end,  and  create  a  common  vision 
for  IT’s  overall  role  within  the  company 

IT  leadership’s  first  step  must  be  to  establish  a 
stricter  set  of  corporate  IT  priorities,  policies  and 
procedures  for  governing  operations.  This  means 
that  many  of  the  company’s  IT  decisions  must  be 
more  directly  based  on  corporate  objectives.  It  also 
means  that  IT  decisions  must  become  more  cen¬ 
tralized  to  ensure  better  coordination  and  greater 
cost-savings. 

Centralization  might  not  sit  well  with  IT  staffers 
who  previously  have  been  allowed  plenty  of  free¬ 
dom  to  make  their  own  decisions  and  to  operate  in¬ 
dependently  or  with  business  units  that  had  been 
making  IT  decisions  autonomously  Given  potential 
political  ramifications,  the  move  to  a  more  central¬ 
ized  operating  model  should  be  mandated  and  fully 
supported  by  the  company’s  senior  management, 
starting  with  the  CEO  and  CFO. 

Start  with  an  audit 

With  its  new  authority  IT  leadership  must  next  ini¬ 
tiate  a  thorough  audit  of  IT  and  application  service 
levels  and  assessment  of  current  and  future  business 
requirements.  To  ensure  an  objective  assessment, 
this  audit  should  be  either  conducted  by  an  inde¬ 
pendent  firm  or  by  an  internal  team  of  IT  and  busi¬ 
ness  representatives  that  report  its  findings  to  senior 
management. 

The  audit  should  target  specific  performance 
problems  that  are  hampering  business  success 
today  and  those  that  could  adversely  affect  the  com¬ 
pany  soon.  It  should  determine  which  problems  are 
directly  related  to  technology  issues  vs.  those  that 
might  be  a  result  of  poor  IT  management  practices. 


Given  the  escalating  impact  of  the  IT  operating 
problems,  the  company  needs  to  make  important 
changes  quickly  This  audit  process  should  take  into 
account  typical  business  cycles,  but  should  not  take 
more  than  90  days. 

Move  on  to  outsourcing  strategy 

Given  the  company’s  limited  resources,  IT  leader¬ 
ship  then  should  develop  an  outsourcing  strategy 
based  on  the  specific  priorities  resulting  from  this 
audit  and  assessment.  An  outsourcing  strategy 
should  determine  what  roles  outside  solution  pro¬ 
viders  will  play  in  resolving  the  current  problems, 
building  an  IT  infrastructure  and  deploying  appli¬ 
cations  that  best  satisfy  the  company’s  current 
business  needs  and 
meet  its  future  corpo¬ 
rate  objectives.  IT  lead¬ 
ership  needs  to  do  this 
with  the  understanding 
that  revamping  the  IT 
architecture  and  appli¬ 
cations  entirely  on  its 
own  would  not  make 
good  business  sense 
given  the  rapidly  ex¬ 
panding  array  of  out¬ 
sourcing  or  “out-task¬ 
ing”  alternatives. 

While  I  don’t  recom¬ 
mend  a  wholesale 
transfer  of  the  company’s  IT  operations  to  an  out¬ 
sourcer  because  a  majority  of  these  deals  fail,  a 
growing  number  of  managed  services  are  avail¬ 
able  for  addressing  many  of  the  company’s  prob¬ 
lems.  For  instance,  a  managed  VPN  service  could 
end  sluggish  performance  on  the  1G  bit/sec  Ether¬ 
net  backbone,  and  a  managed  storage  service 
could  satisfy  the  company’s  storage-area  network 
needs  and  provide  off-site  back-up  facilities  for 
disaster  recovery  and  business  continuity 

Consider  specific  managed  services 

As  they’ve  matured,  managed  services  have  be¬ 
come  beneficial  for  large-scale  companies  that 
want  to  offload  specific  IT  functions.  Independent 
managed  service  providers  as  well  as  a  growing 
variety  of  hardware  and  software  vendors,  telecom 
carriers  and  resellers  offer  these  services. 

The  rapid  evolution  of  managed  services  is  being 


matched  by  a  resurgence  of  hosted  software  ser¬ 
vices.  The  success  of  Salesforce.com  among  small- 
to-midsize  businesses  has  attracted  attention  from 
larger  companies  that  are  fed  up  with  traditional 
CRM  and  salesforce  automation  software  packages. 
Such  on-demand  services  are  available  not  only 
from  major  enterprise  players  such  as  Siebel 
Systems  and  Oracle,  but  also  from  other  ‘Net-native 
software  service  providers  such  as  NetSuite.  This 
consumer  goods  manufacturer  might  well  be  able 
to  take  advantage  of  a  managed  supply-chain  man¬ 
agement  service. 

Standardized  platforms 

Whether  the  company  updates  its  hardware  and 

software  on  its  own  or 
leverages  third-party  re¬ 
sources,  standardizing 
the  hardware  and  soft¬ 
ware  platforms  should 
be  a  priority 
This  not  only  should 
permit  the  company  to 
achieve  greater  interop¬ 
erability  across  geogra¬ 
phies,  but  also  should 
increase  system  and 
application  reliability, 
and  reduce  manage¬ 
ment  and  maintenance 
costs.  Standardization 
also  would  permit  the  consolidation  of  systems  and 
platforms,  which  could  result  in  greater  perfor¬ 
mance  levels.  Standardization  could  enable  the 
company  to  establish  strategic  sourcing  agreements 
with  key  vendors,  reducing  procurement  and  sup¬ 
port  costs. 

Finally,  the  company  must  remember  that  we  are 
still  in  the  midst  of  a  buyer’s  market.  In  this  envi¬ 
ronment,  it  has  the  luxury  of  selecting  from  a  wide 
range  of  product  and  service  alternatives.  It  also 
has  the  opportunity  to  negotiate  favorable  prices 
for  these  alternatives.  The  company  should  not 
make  its  choices  based  on  price  alone.  But,  it 
should  be  able  to  find  good,  economical  solutions 
that  address  its  short-term  needs  and  long-term 
strategic  objectives. 

Kaplan  can  be  reached  at  jkaplan  @thinkstrate 
gies.com. 


The  upshot:  Corporate  IT 
must  take  greater  control 
of  day-to-day  operations, 
then  consider  outsourcing 
options  for  getting  its 
infrastructure  in  new  data 
center  shape. 


Do  you  worry  about  .  .  . 


bringing  new  Network  IT  products  to  market? 
reaching  Network/IT  and  Corporate  Managers? 
accelerating  your  sales  cycle? 

getting  your  company's  message  in  front  of  a  powerful  audience  of  Network  IT  buyers? 

Stop  worrying  .  .  . 

when  you  sponsor  a  Network  World  Technology  Tour  and  Expo.  These  dynamic  live 
multi-city  events  will  bring  you  face-to-face  with  the  Network  World  community  —  the 
architects,  strategists,  decision-makers  and  buyers  for  today's  enterprise  networks. 


Network  World  is  now  accepting  sponsorship  bookings  for  2005  Technology  Tours  and 
Expos.  Sponsorships  are  limited  to  guarantee  a  dynamic  experience  for  both  sponsors 
and  attendees  so  act  now. 

Contact  Andrea  D'Amato,  National  Sales  Director,,  Events  and  Executive  Forums ,  at 

800-622-1108,  Ext.  6520  or  adamato@nww.com 
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March 
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April 
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July 
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Wireless  and  Mobility 

Network  Management/IT  Automation 

Remote  Office  Networking 

WAN  Optimization 

Voice  over  IP/Convergence 

Extended:  Wireless  and  Mobility 

SMB 

Security 

Extended:  Voice  over  IP/Convergence 
IT  Road  Map:  2006 


To  attend  a  Network  World  Technology  Tour  and  Expo  free,  register  at  www.networkworld.com/events 
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The  mindset 

matters 


THE  EXPERT:  David  Nolan,  senior  vice 
president  of  professional  services  and 
network  solutions,  Forsythe  Technology 


This  organization 
decentralized  its  IT 
support  for  valid 
reasons  —  to  re¬ 
spond  quickly  to 
acquisitions  and 
other  forms  of 
growth,  and  pre¬ 
sumably  for  better 
cost-justification 
and  containment  of 
IT  spending  as  well 
as  to  align  IT  re¬ 
sources  with  business  unit  needs. 

However,  its  decentralized  approach  has  had 
costly  long-term  results.  Lack  of  standards,  availabil¬ 
ity  problems,  and  security  and  compliance  chal¬ 
lenges  have  led  to  decreased  productivity  increased 
risk  of  business  intermption,  and  —  in  all  likelihood 
—  unnecessary  spending. 

The  first  challenge  in  cases  such  as  this  is  not 
choosing  the  right  technology  but  finding  a  more 
effective  IT  management  mindset.  As  Einstein  is 
reported  to  have  said, “a  problem  cannot  be  solved 
by  the  thinking  that  created  it.”  Corporate  IT  groups 
can  suffer  as  easily  as  siloed  groups  from  an  “incre¬ 
mentalist”  mindset,  especially  when  confronted  with 
the  enticements  of  emerging  technologies. 

Grouping  the  problems 

The  first  step  toward  adopting  a  more  effective 
mindset,  and  thus  reducing  cost  and  risk,  is  to  exam¬ 
ine  how  problems  relate  to  one  another,  and  what 
integrated  set  of  solutions  best  addresses  each 
group  of  issues.  Based  on  many  conversations  with 
organizations  like  this  fictitious  manufacturer,  we 
have  found  a  range  of  IT  issues  that  fall  within  six 
basic  solution  set  areas. 

1.  IT  portfolio  management:  The  ability  to 
tackle  standardization  issues  of  the  sort  described 
in  the  example  requires  knowing  what  you  have.  In¬ 
ventory  auditing  and  asset  tracking  provide  that 
information.  For  any  organization,  but  especially  one 
with  older,  less  reliable  equipment,  streamlined 
maintenance  contract  management  can  help  mini¬ 
mize  business  interruption  by  assuring  that  equip¬ 
ment  failures  will  be  repaired  within  required  time- 
frames.  Together,  these  services  —  along  with  soft¬ 
ware  license  management  —  constitute  overall  IT 
portfolio  management.  The  information  they  pro¬ 
vide  facilitates  easier  short-  and  long-term  manage¬ 
ment,  as  well  as  better  ROl  measurement.  This  en¬ 
ables  more  strategic  investments.  Given  the  chal¬ 
lenges  facing  this  organization,  one  would  have  to 


ask:  Do  the  IT  executives  really  know  what  they 
have?  Do  they  really  know  how  individual  technol¬ 
ogy  assets  support  specific  business  functions? 

2.  Server  optimization:  Technology  and  plat¬ 
form  fashions  aside, server, storage  and  network  con¬ 
cerns  come  down  to  performance,  availability  inter¬ 
operability  manageability  and  budget.  Recent  prolif¬ 
eration,  concerns  about  aging  equipment  and  a 
“mish-mash”  of  technologies  can  be  red  flags  that 
the  time  has  come  to  assess  the  IT  environment. 
However,  effective  server  optimization  methodology 
requires  stepping  back  to  ask  questions  such  as: 
How  do  we  ensure  that  we  meet  our  service-level 
agreements  to  our  customers?  Can  we  find  a  solu¬ 
tion  that  is  better,  faster, 
less  expensive  and 
more  secure? 

3.  Storage  optimiza¬ 
tion:  The  same  is  true 
for  storage  and  net¬ 
works.  In  examining  the 
need  for  storage  opti¬ 
mization,  deciding 
whether  virtual  storage 
(or  a  storage-area  network)  is  the  appropriate  tech¬ 
nology  solution  is  secondary  to  determining  if  and 
how  the  current  state  of  storage  is  affecting  business 
performance,  recoverability  and  compliance-readi¬ 
ness.  Critical  questions  include:  Are  our  backups 
done  properly?  Can  we  really  recover?  Do  we  treat  all 
data  the  same  even  though  some  data  is  far  more 
valuable  than  other  data?  Do  we  know  what  data  we 
have  and  where  it  is? 

4.  Network  optimization:  Network  infrastructure 
is  most  often  the  gating  factor  to  overall  application 
performance  and  availability  And  “new  data  center” 
technologies  such  as  IP  communications,  optical 
and  wireless  offer  tremendous  promise.  However, 
organizations  can  run  into  trouble  putting  the  cart 
before  the  horse  in  terms  of  when  and  why  they  im¬ 
plement  the  new  technologies.  Network  optimiza¬ 
tion  requires  asking  questions  such  as:  What  con¬ 
nectivity  standards  do  we  need  to  support  the  per¬ 
formance  requirements  of  our  different  business 
units  and  locations?  Could  network  convergence 
help  us  cut  our  communication  costs?  Is  our  net¬ 
work  ready  to  support  our  upcoming  IP  telephony 
initiative?  Thinking  about  networks  also  must  lead  to 
a  consideration  of  security  —  though  security  goes 
well  beyond  the  network. 

5.  IT  risk  management:  Compliance, security  and 
business  continuity/disaster  recovery  concerns 
together  constitute  IT  risk  management.  The  biggest 
mistake  many  companies  make  is  to  defer  risk  man¬ 


agement  initiatives  until  after  they’ve  “covered  the 
basics” with  regard  to  infrastructure.This  is  more  risky 
and  costly  than  an  integrated  approach.  IT  risk  man¬ 
agement  is  not  a  technology;  it  is  the  way  a  company 
builds  and  manages  its  enterprise  and  its  processes 
to  handle  varied  risk  factors,  from  security  threats 
and  vulnerabilities  to  compliance  audits  to  knowing 
the  answers  to  questions  such  as:  What  would  hap¬ 
pen  to  our  business  operations,  and  bottom  line,  if 
the  candle  factory  next  door  caught  fire?  What  dam¬ 
age  could  a  savvy  ill-intentioned  hacker  do? 

6.  Sourcing:  To  execute  effectively  based  on  the 
new  mindset,  our  hypothetical  organization  also 
might  want  to  look  at  sourcing  options,  asking  the 

questions:  How  do  we 
find  the  resources  to 
manage  and  execute 
all  of  the  initiatives 
required  to  fix  our 
major  problems  and 
turn  IT  into  a  true  ser¬ 
vices  organization 
capable  of  enabling  the 
business?  How  do  we 
know  our  IT  team  is  looking  at  the  big  picture?  The 
first  question  here  is  not  “Do  we  insource  or  out¬ 
source?”  but  “What  resources  will  this  require?” 

Recognizing  the  interdependencies 

The  next  step  in  adopting  a  better  mindset  is  exam¬ 
ining  the  ways  in  which  the  solution  areas  are  inter¬ 
related  —  rather  like  the  six  sides  of  a  Rubik’s  cube. 
With  the  cube,  there  is  a  danger  of  scrutinizing  one 
side  head-on  and  not  even  seeing  the  others. 
Likewise,  a  change  on  any  one  side  of  the  cube 
affects  the  others  —  such  as  a  change  in  the  storage 
infrastructure  directly  affects  the  server  and  network, 
and  therefore  security  and  recovery  Furthermore, 
getting  one  side  perfectly  solved  is  no  guarantee  that 
one  or  more  of  the  others  aren’t  a  mess.  Finally,  with 
each  turn  of  the  cube,  a  new  “puzzle”  is  created  that 
might  be  easier  or  harder  to  solve.  In  other  words, 
even  the  best  of  intentions  —  or  emerging  technolo¬ 
gies  —  when  implemented  without  a  strategic,  over¬ 
all  plan,  can  make  things  worse. 

Before  making  any  investment  in  new  data  center 
technologies,  this  company  needs  to  invest  in  a  new 
mindset.  After  all,  if  you  can’t  find  the  time  and 
money  to  do  it  right  the  first  time,  where  are  you 
going  to  find  the  resources  to  do  it  all  over  again? 

Nolan  oversees  Forsythe’s  networking  and  security 
businesses,  as  well  as  its  consulting  service  prac¬ 
tices.  He  can  be  reached  at  dnolan@forsythe.com. 


The  upshot:This  company 
needs  a  new  mindset 
before  it  can  venture  into 
new  data  center  planning. 


YOUR  JOB  IS 
OUR  MISSION  I 


LET’S  WORK 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It’s  what  your  employees,  suppliers  and  customers  demand  every 
minute  of  every  day.  But  to  deliver  it  flawlessly,  you  need  a  massive  global 
infrastructure,  redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities.  That’s  exactly  what 
SunGard  provides. 


As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save  your 
company,  on  average,  25%*  versus  building  the  infrastructure  yourself.  Plus, 
it’s  a  vendor  neutral  solution  that  lets  you  control  your  data,  applications  and 
network  while  giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving  business  problems 
and  less  time  solving  technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard  to  restore 

■ 

systems  when  something  went  wrong.  So,  it’s  not  surprising  that  they’re  now 

turning  to  us  to  mitigate  risk  and  make  sure  they  never  go  down  in  the  first 

’  ■ 

You  want  your  network  and  systems  to  always  be  up  and  running.  We  want 

. 

same  thing.  Let’s  get  together.  To  learn  more,  visit  www.3vailabilitv.sungard.com 
call  1-800-468-7483. 
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THE  EXPERT:  Stephen  Nunn,  partner,  Accenture 


Today’s  global  or¬ 
ganizations  are  in¬ 
herently  complex. 
Nowhere  is  this 
more  evident  than 
in  an  organization’s 
data  center.  The 
scene  is  often 
chaotic:  data  cen¬ 
ters  with  hundreds 
(if  not  thousands) 
of  servers,  storage 
units,  multiple  data¬ 
bases  and  dozens  of  operating  systems  —  all  need¬ 
ing  to  work  together  seamlessly  to  satisfy  24-7  user 
demands  and  business  process  application  require- 
ments.The  problems  faced  by  this  major  consumer 
goods  manufacturer  come  as  no  surprise. 

This  organization  needs  to  take  a  holistic  view  of 
its  infrastructure  and  move  to  a  flexible  but  secure 
utility-style  computing  model  through  an  informa¬ 
tion  transformation  program.  The  company’s  objec¬ 
tives  should  be  to  gain  control  of  its  assets  quickly  to 
improve  its  ability  to  support  the  business  strategy  to 
reduce  costs  and  self-fund  longer-term  IT-enabled 
improvements  that  will  drive  greater  business  per¬ 
formance.  Here’s  a  two-phased  approach: 

Phase  1  -  IT  consolidation  program 

This  involves  consolidating,  standardizing  and  in¬ 
tegrating  a  number  of  critical  IT  components  includ¬ 
ing  the  data  centers,  networks,  applications  and 
workplace. 

Doing  this  means  starting  with  an  infrastructure 
strategy  and  plan.  The  company  can  use  such  a 
plan  as  a  blueprint  for  transforming  the  current 
environment  to  a  utility-centric  computing  infra¬ 
structure  through  a  number  of  structured  and  con¬ 
trolled  releases. 

One  of  the  organization’s  key  objectives  should  be 
moving  to  a  smaller  number  of  centralized  and 
highly  resilient  data  centers,  with  consolidation  of 
most  of  its  distributed  servers  within  a  smaller  num¬ 
ber  of  centralized  servers.Typically  we  would  expect 
a  company  such  as  this  to  reduce  its  overall  server 
population  by  30%. 

Ideally  the  company  also  would  undertake  an 
application  rationalization  program.  The  program’s 
intent  would  be  to  analyze  the  need  for  each  appli¬ 
cation  and  to  determine  what  additional  initiatives 
can  be  undertaken. 


The  company  should  consider  a  Wintel  rational¬ 
ization  program  to  categorize  the  servers  and 
address  consolidation  and  standardization  by  server 
category  —  for  example,  file  rationalization  or  mail 
consolidation.  The  company  also  should  consider 
virtualization  software,  such  as  that  from  VMware, 
the  consolidation  of  business  applications  and  the 
minimizing  of  remote  servers.  In  addition,  Unix- 
based  servers  should  be  categorized  and  analyzed 
for  the  type  of  applications  being  hosted  and  the 
development  of  a  more  consolidated  environment. 
This  would  result  in  fewer  platforms  required  for  the 
same  application  portfolio. 

For  storage,  this  company  should  transition  from 
its  mixed  environment  to  a  tiered  model  that  would 
enable  it  to  provision,  categorize  and  move  data  be¬ 
tween  tiers  in  a  seam¬ 
less  manner.  With  tiered 
storage,  the  company 
would  be  able  to  maxi¬ 
mize  utilization  and 
cost. 

A  pre-requisite  to 
effective  data  center 
consolidation  is  a  WAN 
with  sufficient  capaci¬ 
ty  and  resiliency  so  the 
IT  infrastructure  can 
be  centralized  while 
effective  network  con¬ 
nectivity  for  user  ac¬ 
cess  is  maintained.  If  the  company  had  not  already 
done  so,  it  should  move  to  MPLS  for  the  WAN  — 
achieving  not  only  cost  savings  but  also  flexibility 
in  terms  of  capacity 

The  company  also  must  review  its  telephony 
strategy  and  consider  an  IP  convergence  program. 
Initially  it  would  use  the  MPLS  network  to  provide 
toll  bypass  between  PBXs  and  then  as  appropriate 
replace  the  telephony  infrastructure  with  IP- 
enabled  PBXs. 

As  part  of  any  IT  consolidation  program,  the 
desktop  should  be  evaluated  to  see  if  alternate 
methods  of  providing  desktop  services,  such  as 
thin  clients,  could  be  provisioned.  Standardization 
of  the  desktop  also  would  be  of  high  priority  with 
a  program  to  migrate  all  Wintel-based  applications 
onto  Windows  2003. 

Along  with  the  technology  initiatives, the  company 
must  model  the  underlying  IT  organization  around 
the  consolidated  IT  infrastructure.  The  organization 


The  upshot: This  company 
needs  to  undergo  a  two- 
phase  transformation  that 
will  take  it  from  its  current 
state  of  disarray  to  a  flexi¬ 
ble,  on-demand-style  new 
data  center  architecture. 


should  be  underpinned  with  robust  IT  Infrastructure 
Library-based  operational  processes  and  manage¬ 
ment  tools  that  are  able  to  monitor,  alert  and,  wher¬ 
ever  possible,  implement  remedial  actions  pro¬ 
actively,  before  incidents  or  problems. 

Phase  2  -  Infrastructure  virtualization 

This  organization  then  would  need  to  introduce  a 
virtual  layer  into  the  newly  consolidated  and  stan¬ 
dardized  environment.This  layer — which  would  lie 
between  the  company’s  applications  and  its  hard¬ 
ware  —  would  capture  a  uniform  snapshot  of  the  IT 
environment  and  pool  and  connect  IT  resources 
that  had  been  separated  historically.  On  top  of  this 
virtualized  platform,  the  organization  could  install 
software  to  help  manage  and  provision  hardware 

resources  and  to  bal¬ 
ance  and  consolidate 
workloads  continuously 
The  organization  would 
be  able  to: 

•  Move  applications 
among  various  process¬ 
ing  resources  within  its 
data  centers  to  optimize 
performance  across  the 
enterprise. 

•  Allocate  capacity 
and  resources  —  such 
as  utility-based  data 
centers,  mobile  work 

scenarios,  workload  management  and  IP  (voice  and 
data)  services  —  dynamically  and  automatically 

•  Reduce  the  complexity  of  managing  hardware 
from  multiple  vendors  and  eliminate  maintenance 
“downtime.” 

•  Implement  a  simplified  interface  between  IT  re¬ 
sources  and  business  processes. 

•  Measure  provisioning  time  for  new  applications 
in  seconds  (not  days)  and  response  times  for 
change  requests  in  minutes. 

A  number  of  emerging  security  technologies  will 
become  increasingly  critical  in  an  infrastructure 
transformation  program  including  identity  manage¬ 
ment  technology 

The  result  would  be  a  flexible,  highly  secure,  on- 
demand  architecture  that  is  aligned  with  the 
business. 

Nunn  can  be  reached  at  Stephen.nunn@accen 
ture.com. 
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has  it  all 


•  More  ports  shipped  than  all  of  our  competitors  combined! 

•  Over  20  years  of  experience  in  the  industry! 

•  The  best  security  with  per  port  password  protection,  RADIUS,  Secure  Shell  v2.0,  SNMP 
V3,  SecurlD,  TACACS+,  PPP  PAP/CHAP,  PPP  dailback,  on-board  data-base  and  more! 

•  Integrated  secure  power  management  allows  direct  power  control. 

•  Global  certifications,  including  NEBS  Level  3 

•  The  largest  range  of  products  in  the  industry!  (optional  optical  uplinks  available) 

MRV  console  servers  offer  a  highly-reliable,  easy  to  manage  rich  set  of  features,  making 
secure  remote  management  of  IT  assets  possible  from  any  location. 
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Please  join,  us  @  Supercomm,  Chicago.  Booth  Number:  74088 
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Do.you  dream  about  having  an  Internet 

presence  with  red-hot  information  and 


for  professional  content  only  to  discover  it 
was  too  expensive?  I&t  has  your  solution. 

The  1&1  Dynamic  Content  Catalog  lets  you 
enrich  your  site  with  fresh  content  and  real- 
time  news.  Instantly  add  valuable  web  content 
from  a  large  range  of  topics  -  at  no  extra  cost! 


Easy  &  Always  Up-to-Date 

Adding  content  to  your  site  is  quick  and  easy 
with  the  1&1  Dynamic  Content  Catalog.  Select 


easily  via  the  1  &1  Control  Panel 


No  special  programming  skills  are  required, 
there's  no  software  to  install,  and  it's  even 
compatible  with  1  &1  ’s  intuitive  site  building 
tools  or  your  favorite  web  editor.  And,  thanks 
to  the  automatic  content  updates,  your  site  is 
always  current  and  completely  maintenance  free. 
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Add  Dynamic  Wet 
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Modules  of  the  1&1  Dynamic 
Content  Catalog: 


■  Current  news  on  politics, 
economics,  culture  and 
international  affairs 

■  Sports  highlights  and 
game  scores 

■  Entertainment 

■  Health 


■  Travel  information 

■  Online  games 

■  Market  reports 
&  stock  quotes 

■  Science  news 

■  Technology  news 

■  Weather  outlook 
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me  Wasnington  Huskies  got  an  early  start  on  playing  at 
another  level  The  Huskies  flew  to  Albuauergue.  N  M  .the  site  o  1 
their  regional  semifinal  against  Louisville,  on  Monday  to  get 
accustomed  to  the  city's  5,31 4-tool  altitude  The  team  normally 
would  have  left  campus  a  day  later  to  prepare  Tor  Thursday's 
game,  but  coach  Lorenzo  Romar  wanted  nis  players  to  build  up 
their  endurance 
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latest  political,  economic,  cultural, 
and  sports  news.  Make  your  site  the 
source  for  real-time  information. 


Entice  your  visitors  with  information 
on  39  worldwide  travel  destinations, 
complete  with  beautiful,  full-color 
photographs. 


Monday,  April  1ft,  2045 

Temperature: 

weather 

-  m 

partly  s 

Wind: 

Wind  Dirac 

2mph 

NW 

Chance  of  Precipitation: 

UV  Index: 

m 

3 

Weather: 

Display  the  local,  regional  or  national 
weather  forecast  on  your  website, 
with  temperature  and  weather  maps,  5- 
day  forecasts,  and  more. 


1.877.G01AND1 


t 


Content  to 
5s  Websites! 


HOME  PACKAGE 


$A 

No  setup  fee 


99 

PER 

MONTH 


EXCLUSIVELY  FROM  1&1  j  INCLUDES  1  DOMAIN 


C 


1&1  has  even  more  to  offer: 


Product  and  program  specifications,  availability,  and  pricing  subject  to  change  without  notice. 


FOR  MORE  DETAILS  GO  TO 


1AND1.COM 


PACKAGE  FEATURES 


■  Web  space 

1,000  MB 

1,000  MB 

■  Monthly  transfer  volume 

25  GB 

25  GB 

■  FTP  accounts 

1 

i 

■  1  &1  Control  Panel 

/ 

y 

■  90-day  Money  Back  Guarantee 

/ 

y 

■  Loqfiles 

/ 

MARKETING  TOOLS 

SSBI 

99BM 

|  ■  1&1  WebStatistics 

/ _ 

/ 

SITE-BUILDING  TOOLS 

■  1&1  Dynamic  Content  Cataloq 

/ 

y 

■  PDF2Web  Converter 

/ 

v 

■  DynamicSiteCreator 

/ 

y 

■  Graphic  archive 

/ 

y 

■  WebsiteCreator 

1 2  paqes 

12paqes 

■  Software  suite  worth  $600 

/ 

/ 

■  FrontPaqe  extensions 

/ 

/ 

■  CGI  library 

/ 

y 

■  Active  Server  Pages 

- 

y 

DOMAIN  NAMES 

■  Included  Domains 

1 

...  i  j 

■  Subdomains 

10 

■  Run  multiple  independent  sites 

/ 

/ 

■  E-mail  accounts  w / 1  GB  space  each 

/ 

200 

■  Aliases,  auto-responders, 
forwardinq 

/ 

y 

■  1&1  WebMail 

✓ 

■  Spam  filterinq  for  all  accounts 

y 

/ 

■  Virus  protection  for  all  accounts 

y 

/ 

SECURITY  FEATURES 

■  Protected  by  up-to-date  firewall 

y 

✓ 

■  Daily  backups 

y 

/ 

■  Password  protected 
directories 

y 

/ 

■  Dedicated  SSL  Certificate 

optional 

optional 

SUPPORT 

24/7  phone  support 


/ 


24/7  e-mail  support 


/ 


-  Linux  packages  Microsoft  packages 
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SOLUTION  4: 


THE  EXPERTS:  CDW’s  Jeremy  Weiss,  Tim  Keating  and  Crawford  Aimer 


New  data  center  principles  help  organizations 
work  smarter  and  strive  for  an  environment  where 
any  IT  asset  can  be  managed  securely  from  any¬ 
where.  With  that  in  mind,CDW  has  compiled  some 
sample  recommendations  to  help  this  fictitious  con¬ 
sumer  goods  company  transform  its  IT  operations 
into  a  strategic  corporate  asset. 

Applications 

•  Move  applications  off  desktop  clients  to  serv¬ 
er  farms.  Resulting  benefits  would  include  the 
ability  to  facilitate  secure  remote  access;  improve 
network  manageability  and  reliability;  ease  up¬ 
grades  and  new  software  deployments;  enhance 
support  capabilities;  and  give  IT  managers  more 
network  control. 

•  Consider  a  Citrix  environment,  which  would  be 
suitable  for  accomplishing  these  objectives. 

Storage 

•  Consolidate  the  Wintel  environment  onto  high- 
performance  eight-  or  16-way  Intel  servers  running 
virtualization  software. 

•  Implement  a  Fibre  Channel-based  storage-area 
network  in  Boston  to  accept  replication  from  the 
Fibre  Channel-based  SAN  in  New  York.  The  Fibre 
Channel-based  SANs  also  would  act  as  back-end 
storage  for  the  Intel  servers  running  virtualization 
software.  (While  Fibre  Channel-based  SANs  can  be 
complex  and  expensive,  performance  benefits  — 
especially  compared  with  IP  SANs  —  would  out¬ 
weigh  costs.) 

•  Use  terminal  service  software,  such  as  Citrix 
MetaFrame,  for  on-demand  access  and  single  sign- 
on  password  capabilities.  The  centralized  architec¬ 
ture  would  provide  the  greatest  efficiency  for  man¬ 
agement  of  resources. 

•  Deploy  storage  resource  management  software 
to  clean  up  redundant  and  legacy  data  that  the 
company  no  longer  needs. 

•  Back  up  to  disk  using  a  Virtual  Tape  Library 


device  in  concert  with  back-up  software,  then 
offload  to  tape.This  would  expedite  backups. 

•  Implement  an  information  life-cycle  manage¬ 
ment  strategy  to  prioritize  data  so  that  it  is  stored  on 
the  most  appropriate  media  for  saving  money  and 
for  regulation  compliance. 

Bandwidth 

•  Use  multiple  carriers  that  can  each  offer  a  QoS- 
based  service-level  agreement  (SLA). This  would 
allow  carrier  redundancy  among  mirrored  environ¬ 
ments,  providing  alternate  backbone  routes  in  the 
event  of  carrier  failure. 

•  Link  each  data  center  to  the  corporate  WAN  via 
a  global  MPLS  archi¬ 
tecture  to  improve 
capacity,  speed  and 
quality  of  voice  and 
data  transmissions. 

Telephony/video¬ 
conferencing 

•  Deploy  a  Tier-1 
backbone  between 
sites  and  offer  a  SLA  for 
packet  loss,  jitter  and 
latency 

•  Consolidate  to  a  sin¬ 
gle  PBX  brand. 

•  Establish  a  common  PBX  architecture  that 
includes  WAN  upgrades  that  feature  lowest  cost 
routing  and  MPLS. 

•  Implement  a  video  bridge  with  distributed  end¬ 
points  in  the  WAN. 

Global  recommendations 

•  Deploy  facility  management  software  such  as 
Datatrax  Forseer  or  APC  InfraStruXure  to  integrate 
UPS,  generators,  power  strips,  A/C  and  other  facility 
devices  into  one  manageable  GUI. 

•  Implement  racks  with  vented  front  and  rear 


doors,  and  use  three-phase  power  strips  to  help 
minimize  costs  of  balancing  loads  within  racks  and 
on  power  circuits.These  racks  would  allow  for  tem¬ 
perature  and  humidity  monitoring. 

In  the  New  York  and  Boston  data  centers 

•  Install  a  generator  with  an  automatic  transfer 
switch  for  long-term  runtime. 

•  Install  a  UPS  on  any  outlying  distribution  switch¬ 
es  and  at  the  desktops. 

•  Use  online/double  conversion  UPS  to  condition 
power  fully  and  ensure  no  interference  with  IP  tele¬ 
phony  or  harmonics. 

•  Install  an  online/double  conversion  UPS  to  con¬ 
dition  power  from  a  utility  or  generator  and  to  pro¬ 
vide  transitional  uptime  when  a  power  outage  hits. 

•  Install  computer  room  A/C  system  in  conjunc¬ 
tion  with  a  raised  floor  environment  to  address  heat 
and  humidity  concerns. 

In  the  Sydney  and  London  data  centers 

•  Use  UPS  at  the  desktop  and  remote  switch  levels. 

•  Use  generators  depending  on  office  size. 

•  Use  modular  UPS  for  the  server  room  and  core 
switching/telephony  equipment. 

•  Use  raised  flooring  and  A/C  solution  as  in 
New  York. 

Security 

•  Create  and  enforce  corporate  security  policies, 
including  for  wireless  users  and  for  exchanging  cor¬ 
porate  data  with  partners/suppliers. 

•  Decide  on  a  stan¬ 
dard  data  center  operat¬ 
ing  system  to  enable  a 
central  management 
option  for  patching  and 
maintaining  systems. 

•  Upgrade  VPNs  to 
current-generation  ser¬ 
vice/security  routers. 
This  would  allow  for 
faster  throughputs  and 
high  availability  for 
incoming  multicarrier 
lines. 

•  Deploy  a  high- 
throughput  intrusion-prevention  system  to  pre¬ 
vent  bottlenecks  in  front  of  the  server  farm  and 
malicious  traffic  from  getting  into  CRM  systems. 
Alternatively,  add  an  intrusion-detection  system 
blade  on  some  switches  to  help  maintain  core 
speeds. 

•  On  the  Web  server  side,  use  an  application-intel¬ 
ligent  firewall  to  offer  improved  traffic  reporting  and 
prevent  Web  attacks. 

These  CDW  technical  specialty  team  members 
can  be  reached  at  briasch@cdw.com. 


The  upshot:This  company 
can  effectively  transform 
its  IT  operations  into  a 
strategic  corporate  asset 
by  widely  embracing  new 
data  center  technologies 
and  principles. 


NetworkWorld  Media  Sponsor  of 


Berkeley  Varitronics  Systems 

Yellowjacket®  802. 1  l(b,  a  or  g)  Wi-Fi  Analysis  System  measures 
2.4GHz  or  5GHz  WLAN  spectrum  analysis  on  all  network  channels 
as  well  as  AP,  PER,  Multipath,  SSID  and  RSSI  signal  levels.  Optional 
Hive™  software  allows  users  to  survey  indoor  WLANs  and  then 
overlay  the  network  coverage  onto  any  imported  floorplan. 

732-548-3737  •  www.bvsystems.com 


SPEAKER 


NE  8 


CHINA  TELECOM  USA 


China  Telecom  USA  Corporation 

China  Telecom  USA,  a  wholly  owned  subsidiary  of  China  Telecom, 
provides  products,  services  and  technical  expertise,  including  a  full 
range  of  China-domestic,  China-U.S.  and  international  voice,  data 
and  IP  products  and  services.  China  Telecom  USA’s  comprehensive 
product  portfolio  meets  all  business’  telecommunications  needs, 
from  local  loops  to  international  circuits. 

866-692-8872  •  703-787-0088  •  www.chinatelecomusa.com 


BOOTH 


Covaro  Networks,  Inc. 


Covaro  Networks  is  a  leader  in  the  intelligent  Ethernet  demarcation 
space  for  Ethernet  WAN  applications,  and  provides  products  that 
enable  service  providers  to  offer  intelligent  Ethernet  services 
profitably  over  any  facility  —  copper,  fiber,  SONET/SDH  and 
DS3/E3/DS1/E1.  Using  Covaro ’s  unique  Etherjack®  demarcation 
technology,  service  providers  can  offer  carrier-grade  service  defini¬ 
tion,  monitoring  and  diagnostics  for  Ethernet-based  services. 

972-759-1200  •  www.covaro.com 


BOOTH 


MRV  Communications 

Founded  in  1988,  MRV  Communications  provides  leading-edge 
Enterprise  solutions  —  Secure,  Advanced  Accessibility  for  your 
Network.  Our  media  cross  connect  physical  layer  switch,  and 
secure  remote  console  server  solutions  provide  you  with  infinite 
flexibility  and  ease  in  managing  your  network.  We  also  provide  a 
broad  range  of  media  converters,  optical  transport  WDM  systems 
and  optical  switches. 

800-338-5316  •  www.mrv.com 


# 


ROSE 

ELECTRONICS 


Rose  Electronics 

The  UltraMatrix  Remote  is  a  powerful  product  that  extends  the 
range  and  scope  of  your  user  stations  to  control  your  servers  around 
the  office,  around  the  country  and  around  the  world.  With  its  supe¬ 
rior  quality,  robust  feature  set,  durability,  expandability  and  free  life¬ 
time  firmware  upgrades,  the  UltraMatrix  Remote  is  an  outstanding 
value  for  IT  departments. 

281-933-7673  •  800-333-9343  •  www.rose.com 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible. 
NetworkWorld  is  not  liable  for  errors  or  omissions. 


Safe,  Secure  and  Available  IT  Services. 


Holes  in  Swiss  cheese  mean  the  cheese  is  ripe.  Holes  in  security  mean  you're  the  one  who's  ripe  -  for  problems.  Unlike  some 
other  KVM  providers,  Raritan  always  encrypts  all  KVM  traffic  -  keyboard,  mouse,  AND  video,  providing  the  most  secure 
solution  on  the  market.  And  the  Dominion  Series  helps  reduce  complexity  and  downtime,  while  increasing  productivity. 
Which  means  your  incident  response  and  problem  resolution  times  get  better.  Instead  of  smelling  like  bleu  cheese. 


For  your  copy  of  a  free  White  Paper: 

"Understanding  the  Security  Implications  of  Deploying  KVM  Over  IP" 
Call  1-800-724-8090  x1428  or  visit  us  at  Raritan.com/1428 


Raritan's  Dominion®  KX. 


Command 

Center--. 


The  XX  Digital  KVM  Switch 
is  a  core  building  block  of 
Raritan's  Complete  Data  Center 
Management  Solution. 


Paragon  II 


Reach 


21Q5  iWntan  Computer,  Inc.  Raritan,’  Paragon,  IP-Reach,  Dominion  and 

andCenter  are  trademarks  or  registered  trademarks  of  Ra-  tan  Computer,  Inc 


When  you're  ready  to  take  control 


Dos  and  don'ts  of  an  IT  org  chart 

See  what  this  company  is  doing  right  and  how  it  can  improve  its  staffing  structure. 


1  NetworkWorld  (j| 


■  BY  TIM  GREENE 


Vendor  management  director 


.1  T  shops  in  midsize  businesses  need  care- 
jfl  fully  thought  out  organizational  hierar- 
■  chies  to  function  efficiently  and  effective-  mS 

The  CIO/VP  of  customer  service  is 
wearing  two  hats.  CIO  should  be  a  full¬ 
time  job  or  risk  loss  of  focus. 

1 

r*  cio 

[ 

VP  of  customer  service  ■ 

ly,  but  often  they  lack  careful  planning.  CIOs 
may  rely  on  personal  influence  and  relation¬ 
ships  to  carry  functions  that  ought  to  be  built 
into  the  structure  itself. 

After  interviewing  more  than  200  IT  organi¬ 
zations,  Marc  Cecere  of  Forrester  Research  rec¬ 
ommends  how  to  deploy  staff  in  a  report  “The 
Structure  of  IT:  Midsize  Shop  Case  Studies.’This 
organizational  chart  of  a  real  company  he 
analyzed  highlights  good  practices  and  points 
out  possible  weaknesses. 

This  IT  department  has  about  450  members. 
Forrester  defines  midsize  IT  shops  as  60  to  800 
members,  which  Cecere  acknowledges 
sounds  arbitrary  but  departments  of  that  size 
have  similar  organizational  patterns. 


Quality  assurance  and  service-level  agreements 
should  be  shifted  out  of  development,  where 
financial  and  time  pressures  can  cause 
conflicts  that  result  in  deployment  of  systems 
without  sufficient  hardening. 


As  is  being  done  here,  direct  reports 
should  be  limited  to  six  to  avoid 
diluting  CIO's  control.  These  direct 
reports  should  be  chosen  to  ensure 
accountability  for  key  roles. 


Operations  director 

•  Technology  planning 

•  Project  management 
and  execution 

•  Technology  architecture 

•  Infrastructure 


Development  director 

F  •  Quality  assurance 

•  Service-level  agreements 

•  Architecture - — - 

•  Application  maintenance 

•  Design/  development 


Strategy  director 

•  Technology  planning 


Architecture 


•  Design/  develop  ment 


There  is  no  need 
for  individual 
departments  to 
have  their  own 
infrastructure 
groups  in  this  size 
business. 


As  this  company  is  doing,  IT  should  be  divided  into  at 
least  two  parts  -  operations  and  development  -  to 
keep  distinct  roles  separate. 


Consolidating  strategic 
groups  and  having  them 
report  directly  to  the  CIO 
would  increase  their 
influence  and  focus  the 
importance  of  long-range 
plans. 


A  vendor  management  team  to  span 
all  groups  can  cut  costs  and  increase 
responsiveness  of  vendors. 


www.networkworld.com 


Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  Just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


Server  Technology,  Inc. 

Server  Technology,  Inc.  toil  free  +1 .800.835.1515 

3  Sandhill  Drive  tel  -+ 1 .775.284.2000 

Reno,  «V  89521.  te+1  JW.284.2065 


mWw.Servertech.COni 

sales#servertech.coOT 


How  much  can  your  network  analyzer  handle? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  cover  your  entire  network  (LAN,  802.Ha/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  10  evaluation  today  and  experience 
more  real-time  statistics,  more  expert  events  and  more  in-depth 
analysis  letting  you  monitor,  troubleshoot  and  manage  every  site 
on  your  network  with  one  complete  solution.  Choose  Observer. 

-5ECURI  tv  COflTROL- Watch  for  virus  and  hack  attacks  to 
quickly  isolate  infected  areas. 

-RlERT-  Setup  Triggers  and  Alarms  on  any  network  threshold 
and  be  the  first  to  know  of  network  issues. 

-ret work  OmeRlORD-  Monitor  bandwidth  utilization, access 
point  utilization  rates  and  network  top  talkers  with  Real-Time  Statistics. 

US  &  Canada  toll  free  800.526.5958 
fax  952.932.9545 

UK  &  Europe  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


Sentry  G  'es  You  eciire  Web/I  P  Based  Remote  Site  Management 


"NEW!"  Secure  Shell  (SSHvS)  Encryption 
"NEW!"  SSLv3  Secure  Web  Browser 
"HEW!"  Active  Directory  with  LDAP 
SNMP  MIB  &  Traps 
Integra  ed  Secure  Modem 
True  RMS  Power  Monitoring 
Outlet  Rece  ptacle  Grouping  for  Dual-Power  Servers 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  S  's 
Power-up  Sequencing  Prevents  Power  In-rush  Overload 
Temperature  &  Humidity  Environmental  Monitoring 
Zero  U  &  Rack-mount  Models 
1 1 0/208  VAC  Models  with  30-Amp  Power  Distribution 
NEBS  Approved  -48  VDC  Models  Available 


mosMsm 

(ext.  309) 

or  visit  us  at: 

geeksoncallfranchise.com 


Find  out  how  you  can  invest  in  one  of  Entrepreneur 
Magazine’s  “Fastest-Growing  Franchises”  #48  (2005), 
“Franchise  500®”  rank  #258  (2005),  and  “Top  New 
Franchises”  #15  (2005).  Single,  Multi-Units  and  Area 
Development  Opportunities  are  now  available. 

For  more  information  call 


©Geeks  On  Call  America,  Inc. 


CdJLI 

<gT 


V1-800-905-GEEK 


www.networkworld.com 
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ASSET  MANAGEMENT 

IN  MINUTES, 

NOT  DAYS. 


The  problem  with  traditional  Asset  Management  solutions,  is  that  while  daiming  to  offer  accelerated 
levels  of  ROI  once  installed,  they  often  overlook  the  cost  of  implementation  in  the  first  place. 

Hours  turn  in  days,  days  into  weeks  and  weeks  into  months.  Before  long,  the  implementation  cost 
exceeds  the  initial  purchase  price  and  that's  before  you  consider  the  on-going  support. 

But  there  is  an  alternative.  One  which  offers  all  the  functionality  you'd  expect  from  an  award 
winning  asset  management  suite  but  with  only  a  30  minute  implementation  path. 

NetSupport  DNA  combines  powerful  powerful  Hardware  &  Software  Inventory  with  Software 
Distribution,  unique  Application  &  Internet  Metering,  best  of  breed  PC  Remote  Control,  Enterprise 
Reporting  and  an  optional  web  based  Helpdesk. 

Think  about  it,  but  not  for  long  as  the  dock's  ticking  -  in  30  minutes,  you  could  be  gathering  vital 
asset  information  and  enterprise  reports  for  the  whole  of  your  network  (and  also  those  users  not 
connected  to  it). 

Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today. 


|j  H/W  Inventory 

1  7  1 

S/W  Inventory 

% 

S/W  Metering 

i  m 
#*• 

S/W  Distribution 

Internet  Metering 

Helpdesk 

Remote  Control 

!  ^ 

Reporting 

!  n 

www.netsupport-inc.com 
Sales:  1-888-665-0808 
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TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  today. 


Ethernet  Copper  nTAP 

for  cooper-tthcopper  connections 
Choose  your  speed: 

10  TOO . $395 

1000 . $995 


.  10:100  1000  Conversion  nTAP 

s '  Copper  input  with  topper  or 

■  fiber  output  options 
Choose  your  analysis  output: 

SX . . . $1,995 

,  U . . . . . $1,995 


|l  Optical  Fiber  nTAP 

Multiple  split  ratios 
Choose  your  port  density: 

Single  channel .  $395 

Pour  channel .  . $1,795 

Six  channel . $2,395 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  wwwjnetworiiTAPsxoiiiAnsftaity  or  call  866-GET-nTAP  today. 

Free  overnight  delivery* 

:  cc  * free  overnight  delivery  on  all  U.S.  orders  over  5300.00  confirmed  before  1 2  pm  CST.  (  *TAP 

aTAP  and  the  nTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC,  V/ 


INTELLIGENT 


ETHERNET 


INTELLIGENT  ETHERNET  SI 
LOOK  NO  FURTHER. 


WITH  ETHERJACK0  FROM  COVARO  NETWORKS  you'll  have  all  the  Ethernet 

operations,  administrations  and  maintenance  capabilities  that  you'll  need  to  offer  an  intelligent, 
differentiated  and  profitable  Ethernet  service. 

Every  Etherjack®  port  on  the  Covaro  Connection  family  of  products  contains  an  Ethernet  NID 
function  to  enable  remote  monitoring,  testing  and  diagnostics  on  both  sides  of  the  network.  In 
addition,  the  Etherjack®  demarcation  point  incorporates  an  Ethernet  UNI  with  advanced  service 
definition  to  enable  the  classification  and  prioritization  of  customer  traffic.  And  all  of  our 
solutions  are  aligned  with  emerging  EFM,  MEF  and  ITU  standards  definitions. 

For  more  information  on  Etherjack3  and  our  full  suite  of  Ethernet  extension,  aggregation  and 
demarcation  solutions  go  to:  http://www.covaro.com/intelligent 


Visit  Covaro  at  Supercomm  2005 
June  7-9,  Booth  #57005 

©  2005  Covaro  Networks,  Inc,  All  rights  reserved  Covaro  Networks,  the  Covaro  logo 
and  Etherjack  are  trademarks  or  registered  trademarks  of  Covaro  Networks,  Inc 
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Are  you  adrift  in  a  sea  of  remote  support  software 
options  -  but  with  none  that  meet  all  your  needs? 
NetOp  Remote  Control  is  different.  Unlike  the  bargain 
products  or  those  buried  in  other  applications  - 
NetOp  is  designed  specifically  to  meet  the  remote 
support  and  administration  needs  of  professional 
users  like  you.  NetOp  is  remarkably  flexible,  letting 
you  securely  access  users  running  virtually  any 
operating  system  and  connect  across  all  standard 
communication  protocols.  NetOp's  incredible  speed 
let's  you  quickly  fix  problems  on  distant  LANs,  over 
the  Internet,  or  even  over  slow  modem  connections. 
But  even  more  importantly,  you  can  do  all  this  in 
total  safety,  thanks  to  NetOp's  unparalleled  set  of 
security,  compliance  and  auditing  features.  Give 
your  organization  the  support  -  and  protection  -  it 
deserves.  NetOp  Remote  Control  -  Nothing 
comes  remotely  close. 

©  Copyright  2000-2005  Danware  Data  A/S.  All  rights  reserved.  NetOp  and  the  red 
kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product 
names  are  trademarks  of  their  respective  holders. 


REAL  SECURITY 

Centralized  user  rights, 
authentication  and 
authorization;  multiple 
passwords,  notification 
options  and  encryption 
levels;  advanced  logging, 
session  recording  and 
more.  Optional  Security, 
Name  and  Gateway  server 
modules. 


REAL  CROSS-PLATFORM 

Access  any  Windows,  Linux 
or  Mac  OS  X  system  from 
your  Windows,  Linux  or 
Solaris  desktop,  a  web 
browser,  Pocket  PC 
handheld,  via  Terminal 
Services,  dial-up  modems 
or  even  launch  NetOp  from 
your  USB  Thumb  Drive  on 
a  temporary  PC. 


REAL  SUPPORT  OPTIONS 

Award-winning  remote 
control,  inventory,  remote 
management,  file  transfers, 
VoIP  &  text  chat,  scripting; 
tightly  integrates  with 
systems  management 
applications;  configure  & 
deploy  to  remote  users; 
session  recording  and 
playback,  and  much  more. 


Download  an 
evaluation  copy  at 

www.RemoteControlSW.com 
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Plug  In 
The  Simple 

Solution. 

MovinCool  spot  air  conditioners 

are  the  answer  to  your  overheating 

problems.  Just  roll  it  in.  Plug  it  in. 

Turn  it  on.  It’s  that  simple. 

►  Up  to  60,000  Btu/h  of  cooling 
power  right  where  and  when 
you  need  it 

►  Protects  against  data  loss  and 
equipment  failure 

►  #1  in  portable  air  conditioning 
for  over  30  years 

►  The  only  portable  air 
conditioner  ETL-verified 
for  performance 


MO/INCOOL 

THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 
800-264-9573  or  visit  www.movincool.com 

©2005  DENSO  Sales  California,  Inc.  MovinCool,  SpotCool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation. 
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Production  Tracking  Over  Ethernet 

Eliminate  yo  *  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server : 

Features  £  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Bade  i  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection  .  _ 

Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

■ 

COMI’I  TI-J1WISL 

Gall  1-800-255-3739  or  visit  www.computerwise.coni 


* Security  •  Installers  •  WISPs  •  Hotspots 


VelloujJocket™ 
Hive  Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
solution. 


yeaowwtfm 

802.11  bg  W-LAN  ANALYZER 

>  2.4  GHz  SPECTRUM  ANALYZER 
>  Dual-band  802.11b  &  g  demodulators 

>  Direction  Finding  of  Rogue  AP’s 


Berkeley  Varitronics  Systems  m™,  njo884o 
(732)548-3737  www.bvsystems.com 


Good  things  come 
in  small  packages. 


big  features:  •  Vented  top  and  bottom  panels  •  Cable  plate 
•  Welded  vented  side  panels  with  handle  •  Adjustable  rack 
rails  •  Leveling  feet  •  Optional  casters  •  Vented  front  and  rear 
doors  for  better  air  flow. 


Visit  www.iscdfw.com  or  call  1-800-458-6255  for  more  information. 


Solutions  for  IT  -  Network  -  Telecom  Professionals. 

©  2004  Information  Support  Concepts  Inc.  all  rights  reserved 


FIBER  OPTIC  SOLUTION^ 


»  Tl/El  &  I3/E3  Modems 
»  RS-232/422/485  Modems  and 
Multiplexers 

»  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

>  LAN  -  Arcnet/Ethernel/Token  Ring 
»  Video/Audio/Hubs/Repeaters 

*  ISQ-9001 

►  USB  Modem  and  Hub 

s.s.TECH 

Toll  Free  866-SITech-l 
630-761-3640,.  Fax  630-761-3644 
www.sitech-bitdriver.com  or  www.sitechfiber.com 
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SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


.  ;al  or  remote  sei  ver  management  solutions 


Ultra  Matrix™ 
Remote 

KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  locally  or  over  IP  from  any 
location  worldwide 

Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX, 
ana  serial  devices 

High  quality  video  up  to  1280  x  1024 

Secure  encrypted  operation  with  login  and  computer 

access  control 

Scaling,  scrolling,  and  auto-size  features 

View  real-time  4  computer  connections  using  the  quad- 

screen  mode 


UltraMatrix™ 

E-series 

KVM  SWITCH 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 

...  -  -  •  .•  .  • 

PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status 

between  units  in  an  expanded  system 

Powerful,  expandable,  low  cost 

l\lo  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches.  It 
not  only  provides  a  comprehensive  solution  for  remote  server  console  access, 
this  access  can  be  local  or  from  any  workstation  on  your  network  over  IP. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch 
technolog,  at  an  affordable  price.  The  E-Series  allows  you  to  connect  up  to 
256  users  to  as  many  as  1,000  computers.  The  UltraMatrix  E-Series  is 
available  in  several  sizes:  2x4,  2x8,  2x16,  4x4,  4x8,  4x16,  1x8,  and  1x16 
and  either  PC  or  multi-  platform. 


Ultra  Console™ 

KVM  SWITCH 


SINGLE  USER  KVM  SWITCH 


Supports  PC,  Sun,  UNIX,  Linux,  USB,  and  serial  devices 
Supports  serial  devices  such  as  routers  and  emulates 
VT100/220  terminals 

Plug-in  expansion  cards  allow  the  system  to  easily  be 

expanded  as  the  system  grows 

An  expanded  system  can  connect  up  to  1,000 

computers  to  a  console  user  station 

Powerful  and  expandable,  yet  low  cost 

Video  resolution  up  to  1600  x  1280 

On-screen  menu  informs  you  of  connection  status 

between  units  in  an  expanded  system 

Multi-lingual  Menu  (English,  French,  German,  Spanish, 

Italian,  Portuguese) 


The  UltraConsole  represents  the  latest  in  KVM  switching  technology  at 
affordable  prices.  The  UltraConsole  allows  for  a  central  user  station  to  connect 
to  four,  eight,  or  sixteen  computers  per  chassis,  expandable  to  as  many  as 
1,000  computers,  servers,  or  serial  devices. 


CrystalView  Pro™ 

EXTENDER 
OVER  FIBER 
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DVI/VGA  DIGITAL  KVM 
EXTENDER  OVER  FIBER 


DVI  and  VGA  video  modes 

■  PC  and  USB 

■  PS/2  and  USB  keyboards  and  mouse. 

■  Full  stereo  audio  (optional) 

■  Serial  (optional) 

Ethernet  lOBaseT  Network  management  (optional) 
Extend  a  KVM  station  from  a  CPU  using  fiber  cable: 

■  (MultiMode)  62. 5-micron  cable  up  to  650  ft 

■  (MultiMode)  50-micron  cable  up  to  1,300  ft 

■  (SingleMode)  9-micron  cable  up  to  33,000  ft 
(6  miles) 

Video  resolution  up  to  1600  x  1200 
Flexible  modular  architecture 


The  CrystalView  Pro  fiber  is  the  KVM  extender  of  choice  for  businesses  that 
need  to  extend  and  operate  a  computer,  server,  or  KVM  switch  from  a  great 
distance. 

The  CrystalView  Pro  fiber  makes  this  possible  by  the  use  of  standard  fiber 
optic  cable.  You  can  fully  operate  and  control  a  computer  or  server  from  as 
far  away  as  33,000  feet  using  9-micron  fiber  cable  (Singlemode) 


■  KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 

The  RackView  offers  the  latest,  most  efficient  way  to 
organize  and  streamline  your  server  rooms  and 
multiple  computers.  The  RackView  is  a  rack 
mountable  KVM  drawer  neatly  fitted  in  a  compact 
pull-out  drawer.  This  easy-glide  KVM  drawer  contains 
a  high -resolution  TFT/LCD  monitor,  a  tactile 
keyboard,  and  a  high-resolution  touchpad  or  optical 
mouse. 


RackView 

Fold-Forward 


RackView  RackView 

Fold-Back  LCD  Monitor 


RackView 

Keyboard 
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Vendors  tout  vulnerability  mgmt  wares 


■  BY  ELLEN  MESSMER 

Bolstering  network  vulnerability 
remediation  and  the  ability  to 
track  down  problems  more  quick¬ 
ly  are  the  focus  of  a  variety  of 
products  expected  to  be 
announced  this  week. 

Vulnerability-management 
packages  have  gained  attention 
lately  as  users  struggle  to  patch 
systems,  eliminate  network  weak¬ 
nesses,  find  and  fix  a  plethora  of 
security  configuration  errors,  and 
protect  at-risk  systems. 

The  announcements  include: 

•  Citadel’s  Hercules  4.0  vulnera¬ 
bility-management  product,  an 
agent-based  scanner  that  can  inte¬ 
grate  information  collected  by 
scanners  from  Internet  Security 
Systems,  eEye  and  Harris,  to  create 
an  asset  inventory 

•  StillSecure’s  upgrade  of  its  VAM 
security  software  to  include  an 
analytics  module  that  provides 
forensics  capabilities. 

•  Sourcefire’s  update  of  its  3D 
System  vulnerability-detection 
and  intrusion-prevention  suite  to 
feature  better  problem  reporting. 

Hercules  4.0  adds  an  audit  and 
compliance-check  feature  that 
lets  managers  generate  reports  tar¬ 
geted  at  fulfilling  regulatory 
requirements. 

“Hercules  now  has  templates  to 
map  to  these  regulations,  without 
having  to  necessarily  schedule 
remediation  measures,”  says  Carl 
Banzoff,  CTO  at  Citadel. 

In  other  changes,  Citadel  also  is 
offering  the  Hercules  server  —  the 
component  for  managing  report¬ 
ing  and  remediation  —  as  a  hard¬ 
ware  appliance  for  managers  pre¬ 
ferring  the  ease  of  installation 
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associated  with  one  in  contrast  to 
acquiring  a  server  separately  In 
addition,  vulnerability-manage¬ 
ment  reporting  now  can  be  dis¬ 
played  in  a  graphic  format. 

The  software  agent  that’s  part  of 
Hercules  4.0  has  added  support 
for  the  Network  Admission  Con¬ 
trol  (NAC)  protocol  developed  by 
Cisco  and  its  partners  to  detect 
whether  anti-virus  updates  are  in 
place  or  Windows-based  software 
has  been  updated  for  patches  be¬ 
fore  allowing  network  access. 

Banzoff  says  customers  aren’t 
yet  using  the  NAC  capability  in  the 
updated  Hercules  product. 

Competitor  StillSecure’s  upgrade 
to  VAM  includes  the  VAM  vulnera¬ 
bility  and  asset  management  soft¬ 
ware,  the  SafeAccess  endpoint 
scanner  and  the  BorderGuard 


RFID 

continued  from  page  1 

Cisco’s  biggest  enterprise  cus¬ 
tomers  are  emphatic  about  their 
infrastructure  requirements  for 
RFID,  says  Mohsen  Moazami,vice 
president  of  Cisco’s  Internet 
Business  Solutions  Group. 

“They  all  say,  ‘If  I’m  going  to 
install  10,000  RFID  readers  on  my 
network,  you  have  to  ensure  they 
are  good  citizens  on  the  net¬ 
work,’”  he  says. 

RFID  pilots  typically  involve 
some  tens  of  readers,  installed  in 
a  few  sites, scanning  tags  on  a  lim¬ 
ited  number  of  items.The  readers 
radiate  a  signal,  usually  in  the 
900-MHz  band,  which  activates  a 
tag,  causing  it  to  reflect  some  of 
that  received  energy  back,  along 
with  the  unique  ID  number 
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intrusion-prevention  system. 

VAM  now  will  include  NAC  sup¬ 
port  in  the  SafeAccess  v.3.5  soft¬ 
ware,  expected  to  ship  in  early 
July  The  SafeAccess  scanner  has 
its  own  method  for  checking  anti¬ 
virus  and  patch  updates,  but  sup¬ 
port  for  the  NAC  protocol  broad¬ 
ens  the  product’s  policy  enforce¬ 
ment  to  Cisco,  as  well. 

“We’re  a  Cisco  shop  and  could 
see  using  it  in  the  future, ’’says  Chris 
Asaro,  network  engineer  at  New 
England  School  of  Lavy  which  uses 
StillSecure’s  SafeAccess  to  check 
staff  and  student  computers. 

The  agentless  SafeAccess  scan¬ 
ner  looks  to  find  out  if  each  com¬ 
puter  has  up  to  date  anti-virus  and 
Windows  patches. 

Asaro  says  the  Boston  law 
school  last  year  began  this  securi- 


embedded  in  the  tag’s  tiny 
processor.  That  number  is  passed 
back  to  a  local  server,  running 
RFID  middleware  and  applica¬ 
tions  to  aggregate  and  manage 
the  data. 

Nearly  all  of  these  deployments 
use  proprietary  protocols  be¬ 
tween  the  tags  and  the  readers, 
and  the  readers  and  the  server- 
based  software.  Equipment  sup¬ 
porting  EPCglobal’s  Generation  2 
air  interface  protocol,  and  the 
IETF’s  proposed  Simple  Light¬ 
weight  RFID  Reader  Protocol,  is 
just  now  being  certified. 

Dave  Husak,  Reva’s  CTO,  has  a 
nightmare  vision  of  the  next 
phase  of  RFID.  Imagine,  he  says,  a 
Fortune  100  applications  archi¬ 
tect  or  CIO  walking  up  to  the  net¬ 
work  IT  manager’s  desk  and  say¬ 
ing  “I’ve  just  bought  500,000  RFID 
readers.  I’d  like  them  installed 
and  operating.” 

“I  can  guarantee  you  that  guy 
[the  network  IT  manager]  has 
not  been  at  the  table  during  the 
RFID  discussions,”  Husak  says. 

What’s  needed,  he  says,  is  a  lay¬ 
ered  architecture  for  RFID, 
embodied  in  an  appliance-like 
controller  that  dovetails  with  the 
current  enterprise  network.  Look¬ 
ing  downstream  to  the  readers, 
the  controller  coordinates  the 
activities,  monitors  and  manages 
the  radio  frequency  environ¬ 
ment,  authenticates  readers,  and 
consolidates  RFID  data.  Looking 
upstream,  toward  the  enterprise 
network,  the  controller  interfaces 
with  services  such  as  DHCP  pre¬ 
sents  data  to  higher  level  applica¬ 
tions  and  databases,  and  links 
with  enterprise  security  and 


ty  procedure  after  students  re¬ 
turned  from  summer  vacation 
with  their  laptops  infected  with 
worms  and  viruses, which  brought 
the  campus  network  to  a  crawl. 

Meanwhile,  Sourcefire  will  bol¬ 
ster  its  Sourcefire  3D  System  by 
adding  a  3D  System  scanner  and 
policy-enforcement  tool,  called 
Real-Time  Network  Awareness 
(RNA).  The  feature  will  add  sup¬ 
port  for  third-party  tools,  including 
the  Nessus  freeware  scanner,  the 
Shavlik  Patch  Management 
System  and  Cisco  IDS  event  data. 

According  to  Doug  Herd,  direc¬ 
tor  of  product  marketing,  the 
expansion  of  RNA  means  it  can 
do  a  targeted  active  scan  in  addi¬ 
tion  to  RNAs  previous  passive  dis¬ 
covery  of  machines  by  watching 
traffic. 


“By  integrating  it  with  Nessus,  it’s 
going  to  provide  more  definite 
information  in  the  RNA  vulnera¬ 
bility  database,”  Herd  says.  That 
data  can  be  shared  with  the 
Sourcefire  IPS  to  block  attack  traf¬ 
fic  targeted  at  high-risk  servers  or 
desktops,  and  well  as  remediating 
problems  through  the  Shavlik 
Patch  Management  System. 

Hercules  4.0  starts  at  $19,750  to 
monitor  500  devices,  and  also  is 
available  under  a  monthly  sub¬ 
scription  for  $1,000  plus  75  cents 
per  remediation  change  for  con¬ 
figuration  or  patch  update. 

StillSecure’s  VAM  starts  at  $53 
per  IRand  an  additional  $40  per 
user  for  SafeAccess. 

Sourcefire’s  3D  System  starts  at 
$4,000  and  ranges  up  to 
$1 89,000.  ■ 
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Location: 

PROFILE: 

REVA  SYSTEMS 

Chelmsford,  Mass. 

Founded: 

April  2004 

Business: 

Server  appliances  for  RFID  network  infrastructure: 
product  announcement  due  this  summer. 

Management: 

CEO  Ashley  Stephenson,  formerly  with  Xedia;  CTO 
Dave  Husak,  formerly  with  C-Port;  vice  president  of 
engineering  Mike  Grady,  formerly  with  Argon. 

Finances: 

$6  million,  raised  in  April  2004,  from  Charles  River 
Ventures  and  North  Bridge  Venture  Partners. 

Competitors: 

Unclear,  but  Cisco  and  Symbol  are  among  the  likely  ones. 

Fun  fact: 

The  word  “reva”  means  “new  beginning"  in  an.lndian 
dialect  and  “rain”  in  Hebrew;  but  it  was  chosen  because 
"we  just  liked  it,"  Husak  says. 

management  capabilities. 

The  layering  means  application 
developers  will  be  able  to  write 
RFID  applications  without  taking 
into  account  underlying  details 
about  protocols,  readers  or  tags. 
Today  if  a  reader  breaks  and  is 
replaced,  a  developer  has  to  re¬ 
write  part  of  the  RFID  applica¬ 
tion,  says  Ashley  Stephenson, 
Reva  CEO. 

Reva  and  Cisco  agree  on  the 
benefits  of  moving  RFID  func¬ 
tions  into  the  network  hardware. 
Cisco’s  Moazami  ritually  cited 
company  policy  about  net  com¬ 
menting  on  unannounced  prod¬ 
ucts,  but  did  say,  “generically 
speaking,  our  approach  is  adding 
more  functionality  to  our  boxes.” 
Currently  Cisco  is  working  with  a 
wide  range  of  RFID  tag,  reader, 
and  middleware  vendors,  as  well 
as  major  systems  integrators  to 
provision  RFID  pilots  that  can  be 
scaled  eventually  into  large 
deployments,  he  says. 


Those  cooperative  efforts  are 
addressing  a  range  of  enterprise 
concerns,  including  security  and 
authentication.  It’s  likely  those 
efforts  will  result  in  new  Cisco 
software,  and  better  integration  of 
these  various  products.  For  exam¬ 
ple,  how  do  you  prevent  some¬ 
one  with  a  handheld  reader  from 
walking  in  and  scanning  your 
tags  for  data?  Remote  manage¬ 
ment  and  upgrades  for  RFID 
readers  is  another  pressing  enter¬ 
prise  concern,  Moazami  says. 
Location  services  that  can  pin¬ 
point  a  broken  RFID  reader  will 
be  essential  in  large-scale  net¬ 
works,  he  adds. 

“So  far,  the  market  has  been  so 
focused  on  the  reader  and  tag  in¬ 
tegration,  that  it  hasn’t  paid  much 
attention  to  what  happens  after 
these  readers  connect  to  the 
‘cloud  [the  enterprise  network] 
Moazami  says. “Thai  will  be  a  key 
determinant  of  successful  RFID 
deployments.”H 
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Plugging  leaks 

A  sampling  of  products  designed  to  keep  sensitive  information  from  leaving  companies. 


Company 

Product  Price  I  Availability 

Fidelis 

Reconnex 

iGuard  1300 

starts  at  $25,000 

Now 

fwius 

has^d^chnotogy)  °etW0H<  ||| 

C-:  tjk'Z  y" .  a 
@i  im  m 

•Auguet 

PortAuthority 
Technologies 
(formerly  Vidius) 

PortAuthority  (adds  support  for  internal  e-mail 
monitoring  and  blocking) 

starts  at  $20,000 

Now 

8  VOntu  1 1  |  Vontu  4.0  (adds  blocking  of  outbound  <Hnai?  content) 

‘ 

Data  leakage 

continued  from  page  1 

(see  graphic,  right). 

Data-leakage  prevention  prod¬ 
ucts  typically  work  by  being 
allowed  access  to  databases  to 
keep  track  of  what  an  organiza¬ 
tion  considers  sensitive  data  and 
compare  it  with  what  goes  out. 
But  questions  of  false  positives, 
missed  leaks  and  its  expense  — 
$100,000  is  not  an  unusual  price 
—  have  kept  leakage  detection  in 
a  niche  reserved  for  a  limited 
group  of  companies  and  govern¬ 
ment  agencies. 

Inside  jobs 

“It  does  stop  e-mail  with  sensi¬ 
tive  data,”  says  Janet  Behnke,  IT 
manager  at  First  Financial  Credit 
Union  in  Los  Angeles,  which  uses 
a  gateway  from  Vidius  (now 
called  PortAuthority  Technolo¬ 
gies)  at  its  Internet  access  point. 
The  product  is  used  to  watch  for 
sensitive  information,  including 
customer  account  numbers,  bal¬ 
ances  and  ATM  card  numbers. 

Most  credit  union  employees 


PortAuthority  GEO  Pete  Foley  says 
there  is  tremendous  opportunity  to 
thwart  unauthorized  disclosure  of 
sensitive  information. 


whose  e-mail  is  blocked  by  Fbrt- 
Authority  —  the  average  is  20  to 
25  unauthorized  e-mails  per  day 
—  are  sending  out  sensitive  data 
by  mistake,  Behnke  says.  But  there 
have  been  instances  where  the 
bank  caught  employees  forward¬ 
ing  customer  information  to  bro¬ 
kers  in  order  to  make  money 

“They  did  it  because  they  were 
trying  to  get  commissions,” 
Behnke  says,  adding  that  these 
employees  were  terminated.  Port- 
Authority  “saved  us  from  a  lot  of 
exposure,”  she  says. 

This  insider-theft  problem  is 
similar  to  that  facing  Bank  of 
America  and  Wachovia,  which  in 
iate  May  acknowledged  massive 


data  leaks  involving  stolen 
account  data  on  tens  of  thou¬ 
sands  of  customers  sold  by  bank 
employees. 

Bank  of  America,  which  says  it 
has  deployed  the  Vontu  informa¬ 
tion-leakage  product,  declined  to 
say  where  the  content  monitor¬ 
ing  helped  in  uncovering  the 
problem,  which  involved  use  of 
e-mail  as  well  as  simply  printing 
out  customer  information. 

A  Bank  of  America  spokes¬ 
woman  says  the  bank  couldn’t 
discuss  the  forensics  while  the 
investigation,  which  includes  the 
Department  of  the  Treasury  as 
well  as  the  Hackensack,  N.J., 
police,  continues. 

While  corporate  users  of  infor¬ 
mation-leakage  detection  prod¬ 
ucts  say  the  offerings  are  effec¬ 
tive  in  general,  they  acknowl¬ 
edge  that  the  products  aren’t 
perfect. 

PortAuthority  registers  false 
positives  every  day,  Behnke  says. 
“It’s  pretty  low,  maybe  1%,  but  it 
happens,”  she  adds. 

“We  do  get  false  alerts  often,” 
says  Jeff  Karafa,CFO  and  head  of 
operations  at  the  Community 
Bank  of  Dearborn,  Mich.,  which 
has  deployed  leakage-preven¬ 
tion  products  from  another  ven¬ 
dor,  Reconnex.  Nevertheless,  the 
Reconnex  iGuard  monitoring 
and  blocking  product  has 
proven  its  worth  since  being 
installed  in  February,  he  says. 

“We  had  an  employee  who 
innocently  sent  out  a  list  of  cus¬ 
tomers  but  forgot  to  encrypt  the 
file,”  he  says.“It  caught  that.” 

In  a  rarer  instance,  the  bank 
caught  an  employee  copying 
and  sending  out  confidential 
information  deliberately  for 
more  nefarious  purposes.  “This 
person  was  dismissed,”  he  says. 

Strict  regulatory  requirements 
in  the  banking  industry  for  data 
privacy  is  driving  its  adoption, 
Karafa  says. 

Both  he  and  Behnke  say  the 
data-leakage  prevention  prod¬ 
ucts  they  use  are  a  help  in  sup¬ 
plying  evidence  when  it’s  needed 


to  confront  suspicious  behavior. 

Battling  for  customers 

Despite  such  praise,  most  of  the 
network-based  data-leakage  pre¬ 
vention  vendors  don’t  count 
more  than  two  dozen  customers 
each,  even  though  some  of  the 
companies  have  been  around  for 
a  couple  of  years. 

Fidelis,  with  its  DataSafe  prod¬ 
uct  for  monitoring  e-mail,  instant 
messaging  and  Web  traffic,  has 
four  customers:  the  Washington, 
D.C.,  public  school  system;  the 
city  of  Alexandria, Va.;  the  Pension 
Benefits  Guaranty  Association; 
and  an  Israeli  telecom  provider. 

Fidelis  founder  and  CEO 
Timothy  Sullivan  says  he  likes  to 
call  the  $100,000  DataSafe  gate¬ 
way  an  “extrusion  prevention  sys¬ 
tem,”  a  phrase  the  company  is 
copyrighting. 

Most  of  the  data-leakage  preven¬ 
tion  vendors  —  and  some  of  the 
venture  capital  firms  backing 
them  —  seem  hopeful  about  the 
future  despite  a  small  customer 
base. 

The  newly  renamed  PortAuthor¬ 
ity  Technologies  just  gained  $13.4 
million  in  funding  from  Greylock 
Partners,  Sequoia  Capital  and 
Lexington  Ventures  with  which  to 
further  develop  its  line  and  pro¬ 
mote  a  new  version  of  its  software 
intended  to  monitor  and  block 
internal  mail. 

Although  PortAuthority  claims 
only  22  customers,  new  CEO  Pete 
Foley  is  bullish.There’s  a  "tremen¬ 
dous  opportunity  to  address  a  sig¬ 
nificant  enterprise  challenge  — 
unauthorized  disclosure  of  sensi¬ 
tive  information,”  he  says. 

However,  some  analysts  say 
such  vendors  are  having  trouble 
breaking  out  of  a  niche.  The  ex¬ 
pense  of  the  products,  plus  com¬ 
petition  from  digital  rights  man¬ 
agement  companies,  has  kept  net- 
work-based  data  leakage  and  pre¬ 
vention  something  of  a  luxury 
item. 

“There’s  a  bit  of  a  shooting 
match  between  what  we  some¬ 
times  call  ‘egress  information  pro¬ 


tection’  and  digital  rights  man¬ 
agement,  which  involves  enter¬ 
prise  use  of  encryption,”  says  Trent 
Henry,  an  analyst  at  Burton 
Group.  It’s  not  clear  whether  one 
or  the  other  will  be  widely  adopt¬ 
ed,  but  companies  likely  won’t 
deploy  both,  he  says. 

However,  with  news  about  iden¬ 
tity  theft  and  data  leaks  making 


the  front  page  almost  every  week, 
the  data-leakage  prevention  ven¬ 
dors  say  awareness  of  the  prob¬ 
lem  is  becoming  more  acute  all 
the  time. 

“There’s  a  sense  of  urgency  dri¬ 
ven  by  the  compliance  issue,” says 
Tablus  CTO  Jim  Nesbit. 

CEO  Jim  Ponte  adds  that  solving 
the  insider  threat  problem  “is  not 
only  a  network  issue  but  one  that 
needs  to  be  addressed  at  the 
desktop,  as  well.” 

To  that  end,  Tablus  this  week 
announced  that  by  August  it  will 
have  a  version  of  its  Content 
Alarm  product  that  combines 
network-  and  desktop-based 
monitoring.  The  desktop  content¬ 
monitoring  technology  was 
gained  through  the  acquisition  of 
Indigo  Security  in  February  This 
would  make  Tablus  the  only  net- 
work-based  data-leakage  preven¬ 
tion  vendor  to  include  a  desktop 
monitoring  component.® 


Gaining  speed,  Citrix 
buys  NetScaler 

■  BY  STACY  COWLEY 

Citrix  last  week  said  it  would  acquire  application  acceleration  hard¬ 
ware  vendor  NetScaler  for  about  $300  million  in  cash  and  stock. 

NetScaler  makes  application  appliances  that  handle  such  tasks  as 
load  balancing,  content  caching  and  remote-access  functionality.  Its 
customers  include  Google,  Amazon.com,  Microsoft’s  MSN  and  Ticket- 
master.  NetScaler  estimates  that  as  many  as  75%  of  Internet  users  pass 
through  a  NetScaler  system  each  day. 

The  company  also  focuses  on  optimizing  delivery  of  custom  Web 
applications  and  ERP  applications  such  as  those  from  Siebel,  SAP 
and  Oracle.  That  market  is  where  Citrix  sees  NetScaler’s  technology 
complementing  its  own  flagship  Presentation  Server  for  managing 
and  deploying  enterprise  applications,  according  to  David  Jones, 
Citrix’s  senior  vice  president  of  corporate  development. 

Citrix  plans  to  let  NetScaler  continue  operating  fairly  autonomously 
in  San  Jose,  under  the  leadership  of  current  NetScaler  CEO  B.V 
Jagadeesh.  NetScaler  will  be  renamed  the  Citrix  Application  Net¬ 
working  Group,  and  Jagadeesh  will  report  to  Citrix  CEO  Mark  Temple¬ 
ton.  Citrix  expects  to  retain  most  of  NetScaler’s  200  employees,  Jones 
says. 

Pending  shareholder  and  regulatory  approvals,  Citrix  expects  the 
deal  to  close  in  the  third  quarter,  after  which  it  will  immediately  begin 
offering  NetScaler’s  products  through  its  own  channel.  NetScaler  is 
privately  held.  Citrix  valued  the  deal  at  $300  million  and  said  it  will 
pay  45%  of  the  purchase  price  in  cash  and  the  rest  in  shares  of  its 
stock. 

Citrix  has  used  several  acquisitions  to  expand  its  product  line, 
including  its  $50  million  purchase  last  year  of  SSL  VPN  vendor  Net6 
and  its  2003  buyout  of  GoToMyPC  maker  Expertcity.  Jones  says  Citrix 
has  retooled  its  acquisition  strategy  following  the  “difficult”  integra¬ 
tion  of  its  first  major  purchase,  its  2001  takeover  of  portal  software 
maker  Sequoia  Software.  On  its  next  major  deal,  Expertcity  Citrix 
decided  to  let  the  company  continue  running  separately,  a  strategy 
that  has  paid  off  through  a  smoother  transition. 

Citrix  competes  with  a  variety  of  vendors,  including  Cisco,  Microsoft, 
Sun,Aventail  and  Juniper. 

Cowley  is  a  correspondent  with  the  IDG  News  Service. 
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BackSpin 


Mark  Gibbs 


Death  to  manuals 


ell,  the  flood  of  comments 
from  the  last  two  weeks  of 
musing  on  Apple’s  software 
deficiencies  continues  unabated. 
Many  of  your  comments  are  very 
interesting  and  insightful  —  thanks 
to  all  who  replied  and  forgive  me 
for  not  replying  individually. 

Some  of  the  most  pointed  comments  came  from 
those  of  you  who  have  noticed  that  the  Macintosh 
operating  system  has,  for  some  time,  had  problems 
when  large  numbers  of  fonts  are  loaded. 

According  to  reader  Russ  LaPlante  (using  Mac 
OS  X  10.3), “Our  design  group  would  like  to  keep 
700  fonts  available. . .  .When  they  run  Suitcase  XI 
[a  third-party  font  utility]  to  make  these  fonts  avail¬ 
able  to  the  system  ...  the  [Apple  font  manager  sub¬ 
system]  chokes  on  the  fonts  being  introduced.  I 
can  see  the  [Apple  font  manager  subsystem]  get¬ 
ting  ‘hung’  and  using  something  like  5%  CPU  while 
it  crawls  through  the  task  of  loading  up  fonts. 
Apple  needs  to  beef  up  this  app,  big  time.” 

1  looked  around  the  ‘Net  to  see  whether  there  are 
other  OS  X  font  management  problems.  There  are 
(see  http://tinyurl.com/chdmo).  It  appears  that  OS 
X  10.4  (Tiger)  might  suffer  from  the  same  issues 
even  when  large  numbers  of  fonts  aren’t  involved! 

Reader  Cliff  Sobchuk  raised  an  interesting  issue 


over  the  desire  many  of  us  have  “to  just  use  the 
device”  without  referring  to  the  manual.  He  asked, 
“did  the  user  read  the  documentation  and  did  the 
documentation  indicate  the  use  of  libraries  to  han¬ 
dle  large  volumes  of  photos?  If  not,  please  rant  as 
loud  as  you  can  to  Apple’s  Customer  Care  to  get 
them  to  rectify  the  situation.” 

What  he  is  apparently  suggesting  is  that  I  should 
RTFM  (which,  for  you  newbies  out  there,  stands 
for“Read  The  Freakin’  Manual”). The  answer  is, of 
course,  no. 

I  don’t  think  there’s  any  reason  why  we  should 
need  a  manual  for  99%  of  modern  software.  Just 
consider  how  complex  most  recent  personal  pro¬ 
ductivity  applications  are.  Manuals  for  these  appli¬ 
cations  can’t  even  begin  to  cover  what  they  can  do 
and  if  you  can’t  just  dive  in  and  figure  it  out  then 
to  hell  with  it. 

Moreover,  physical  manuals  that  have  any  depth 
can’t  be  indexed  adequately  to  make  it  possible  to 
find  things  that  answer  questions  the  indexer  hasn’t 
thought  of  anyway. 

The  only  really  good  manuals  are  more  like 
books  and  where  you  often  find  these  kinds  of 
guides  is  in  the  graphics  world.  By  way  of  example, 
the  documentation  for  Jasc  Software’s  Paint  Shop 
Pro  and  ACD  Systems’  Canvas  have  the  organiza¬ 
tion  and  style  that  makes  them  more  than  manuals. 
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Even  then,  wouldn’t  it  be  better  to  have  the  doc¬ 
umentation  built  into  the  application? 

To  give  the  company  its  due,  Microsoft  has  done 
a  lot  of  work  in  this  area  by  adding  extensive  and 
searchable  HTML-based  documentation  in  many 
of  its  products  as  well  as  extending  the  informa¬ 
tion  with  extra  content  acquired  dynamically 
from  its  Web  site. 

Another  good  example  of  this  style  can  be  found 
in  one  of  my  favorite  products:  Infomersion’s 
Excelsius.  Not  only  is  the  documentation  embed¬ 
ded,  it  also  uses  animated  demos  of  the  product’s 
various  components  to  show  how  they  work.This 
is  the  way  you  get  users  over  the  learning  hump 
and  make  them  happy. 

Future  applications  will  have  to  meet  far  higher 
standards  for  educating  and  assisting  users  than 
they  do  today  because  the  user  environment  is  get¬ 
ting  more  complicated.  Any  company  with  a  half¬ 
way  serious  application  that  doesn’t  keep  pushing 
the  limits  of  how  well  the  program  communicates 
with  and  helps  its  users  might  as  well  not  bother. 
That  means  there  are  a  lot  of  companies  that  need 
to  get  busy  right  now. 

Good  examples  of  bad  manuals  to  backspin@ 
gibbs.com.  Maybe  we’ll  put  ’em  on  Gearblog  (www. 
networkwodd.com/weblogs/gearblog). 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

The  end  of  poetic  license 

Combining  the  clout  of  copyright  law 
with  a  few  lines  of  poetry  in  order  to 

hammer  spammers  was  always  seen  here  as  clever  —  as  gimmicks  go  — 
despite  the  obvious  challenge  of  mustering  enough  legal  muscle  to  make  the 
scheme  work. 

This  unique  approach  —  three  lines  of  copyrighted  haiku  inserted  into  an 
e-mail  header  —  was  why  a  company  called  Habeas  garnered  wide  press 
attention  over  the  past  couple  of  years  in  an  anti-spam  market  that’s  more 
crammed  with  indistinguishable  dreamers  than  an  “American  Idol"  tryout. 

Gimmicks  usually  go  away,  however,  and  such  is  the  case  here  with  the  haiku. 
What's  truly  surprising,  though,  is  that  Habeas  hasn’t  gone  away  with  it . . .  and 
doesn’t  appear  headed  anywhere  but  up  anytime  soon.  Last  week  the  company 
announced  a  breakthrough  deal  with  Microsoft  that  will  see  the  biggest  name 
in  IT  adopting  Habeas'  revamped  SafeList  technology  to  help  it  address  the 
deluge  of  spam  coursing  through  its  Hotmail  and  MSN  platforms. 

Outstanding  news  for  Habeas,  but  what  happened  to  the  haiku? 

“Haiku  is  a  goner,  it's  really  gone,”  says  Habeas  spokesmanTim  Cox.  “We’ve 
purged  it  from  the  lexicon  of  Habeas.” 

Habeas  purged  it  from  its  Web  site,  too,  as  nary  a  line  of  poetry  nor  mention 
of  the  word  haiku  can  be  found  there  today,  a  rather  stunning  turn  for  a  com¬ 
pany  that  made  its  name  solely  on  the  novelty  of  the  approach.  For  those  who 
don’t  recall,  the  idea  behind  the  haiku  was  that  poetry  —  unlike  names,  titles, 
slogans  and  phrases  —  can  be  protected  by  copyright  law.  Habeas  sought  to 
create  a  service  whereby  licensed  senders  would  use  an  e-mail  header  that 
included  the  company's  haiku. 

ISPs  could  be  confident  that  e-mail  carrying  it  was  legitimate,  and  anyone 
using  it  without  permission  could  be  dragged  into  court. 


It  made  enough  sense  to  get  the  company  funded  and  attract  lots  of  curious 
reporters. 

Trouble  is  the  system  just  didn’t  work  as  envisioned. 

“The  haiku  wasn’t  really  adding  any  value  because  the  company  is  not  really 
going  to  be  in  the  business  of  pursuing  miscreant  senders  who  have  trans¬ 
gressed  the  copyright,”  Cox  says.  “It  was  easily  forged  and  people  did  forge  it. 
At  one  point  in  time,  it  became  an  indicator  that  an  e-mail  probably  was  spam.” 

While  a  handful  of  test  cases  were  filed,  the  problem  of  enforcement  band¬ 
width  did  materialize. 

“The  company  really  doesn’t  have  the  wherewithal  to  go  after  these  spam¬ 
mers,"  Cox  says.  “Let  Microsoft,  the  ISPs  and  the  FederalTrade  Commission 
do  that. They've  got  the  lawyers  and  the  budget.” 

New  management  at  the  top  of  the  company  decided  to  quietly  abandon  the 
copyright-based  strategy  in  favor  of  developing  a  broader  range  of  products 
and  services  designed  to  help  legitimate  senders  and  receivers. 

“The  goal  now  is  first  to  be  known  as  the  predominant  e-mail  accreditation 
agency  and  secondly  to  become  known  as  an  independent  mediator  between 
senders  and  receivers,"  Cox  says. 

The  SafeList  technology  being  adopted  by  Microsoft  heads  the  strategy. 

“To  get  on  the  SafeList,  you,  the  sender,  need  to  jump  through  a  ton  of  hoops. 
You  need  to  be  certified  by  Habeas  as  an  accredited  sender,”  Cox  says.  "They 
look  very  carefully  at  your  reputation  on  the  Internet  and  your  sending  prac¬ 
tices.  They  look  to  see  how  you’ve  got  your  server  set  up  in  terms  of  open 
relays. They  check  that  you’re  implementing  authentication  properly  on  out¬ 
board  stuff.  At  the  end  of  the  whole  deal  you  get  the  Habeas  stamp  on  your 
forehead:  You 're  a  good  sender." 

And  you  won’t  have  to  recite  any  poetry  to  prove  it. 


Questions  and  comments  —  in  haiku,  if  you  prefer 
buzz@nww.com. 
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What  you  want  are  the  benefits  of  mobility.  What  you  don’t  want 
is  a  network  full  of  uninvited  guests.  No  problem.  Nokia  is  a 
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around  the  world— all  featuring  our  unique  combination  of  trusted  Check 
Point™  firewall  and  VPN  software.  And  firewalls  are  just  part 
of  our  exceptional  family  of  Secure  Mobile  Connectivity  solutions. 
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